Financial services firm Desjardins Group will pay up to nearly $201 million to settle a class-action lawsuit related to a data breach in 2019 that affected nearly 9.7 million Canadians.
The agreement, which is subject to approval by the Quebec Superior Court, would allow eligible individuals who were affected by the privacy breach announced in June 2019 to receive a payment.
The settlement applies to members and former members as well as clients and former clients of the financial co-operative who have held Desjardins credit cards or financing products.
Desjardins says there’s no need for people to contact it before the agreement is approved and a claims process begins.
Plaintiff law firms Siskinds Desmeules and Kugler Kandestin say the agreement provides compensation for loss of time related to the personal information breach, as well as compensation for identity theft.
It also provides members Equifax credit monitoring service coverage for five years, and an extension by at least five years of the other protective measures implemented by Desjardins following the breach.
A report by the federal Privacy Commissioner attributed the data breach to a series of technological and administrative gaps at Desjardins.
For at least 26 months, a rogue employee siphoned sensitive personal information collected by Desjardins from customers who had purchased or received products through the organization, a report by the commissioner found.
For some, the data included first and last names, dates of birth, social insurance numbers, street addresses, telephone numbers, email addresses and transaction histories.
The breach occurred over more than a two-year period before Desjardins became aware of it, and then only after the organization had been notified by police, he added.
Comments