etat-situation-coronavirus-20200710.JPG

Gaps in safeguards led to massive Desjardins security breach: privacy commissioners

The mass data breach at Desjardins — the largest ever in the Canadian financial services sector — was caused by a series of gaps in the Quebec company’s security setup, according to a new investigation by the federal and Quebec privacy commissioners.

“Desjardins did not demonstrate the appropriate level of attention required to protect the sensitive personal information entrusted to its care,” Daniel Therrien, the privacy commissioner of Canada, wrote in a release published this morning.

“The organization’s customers and members, and all citizens, were justifiably shocked by the scale of this data breach.”

The report says the breach compromised the data of nearly 9.7 million Canadians.

For at least 26 months, a “malicious” employee copied sensitive personal information collected by Desjardins from customers who had bought or received products offered directly or indirectly by the organization, the report says.

The probe found a series of gaps in the company’s administrative and technological safeguards.

“Desjardins had recognized some of the security weaknesses that ultimately led to the breach and had developed a plan to remedy them. Nonetheless, it failed to rectify the issues in time to prevent what happened,” said Therrien.

“Moreover, the breach occurred over more than a two-year period before Desjardins became aware of it, and then only after the organization had been notified by the police.”

However, Therrien said he is satisfied with the mitigation measures Dejardins offered to the affected customers after the breach.


Source link

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

Leave a Reply