The fallout continues from the major data leak at Desjardins Group after the company announced the leak also affects credit card holders and other financing clients with the company.
The Quebec-based financial institution said on Tuesday that the breach also touched an additional 1.8 million credit card holders.
“However, it’s important to note that Desjardins’ internal review and analysis has not shown that any of this additional information has been shared by the ill-intentioned ex-employee with third parties,” the company said in a statement.
Desjardins said credit cards and other payment methods have not been compromised. This includes PINs, passwords and security questions.
The institution is now extending the privacy protection measures it offered to clients following the leak. All Desjardins’ clients and members are now eligible for protection.
The breach came to light in June when Desjardins said the personal information of nearly three million members was shared illegally by an employee. As part of the breach, the employee was reportedly able to leak social insurance numbers and other sensitive information to third parties outside of the organization.
In November, the company announced the breach was wider in scope than initially believed and affected 4.2 million of its banking members in Quebec and Ontario.
The company’s internal review and latest information from police still point to a single ex-employee at the heart of the incident, according to Desjardins.
Desjardins said it is still working closely with police and reports there is “no significant uptick” in fraud at the banking institution.
The latest announcement comes a few days after the departure of two executives — former chief operating officer Denis Berthiaume and Chadi Habib — at Desjardins.
— With files from The Canadian Press