Canada’s privacy watchdog has launched an investigation into a massive data breach at Desjardins Group that has impacted nearly three million people.
The federal Office of the Privacy Commissioner of Canada said the probe will examine whether Desjardins followed federal and provincial laws around personal information protection. The privacy commissioner in Quebec, where Desjardins is based, is participating in the federal investigation.
Desjardins, a financial co-operative, operates mainly in Quebec where it is subject to provincial law but falls under federal privacy rules for its activities across Canada. Last month, two class-action lawsuits were initiated that allege the organization either violated its members' privacy rights or showed negligence in safeguarding their personal and financial information.
The data breach included the social insurance numbers, names and addresses of 2.7 million Desjardins customers and 173,000 business accounts. Desjardins said it is co-operating with authorities in the investigation.
The Desjardins security breach is among the biggest in Canada to come about internally, rather than via external cyberattacks. The Bank of Montreal (TSX:BMO) and the Canadian Imperial Bank of Commerce (TSX:CM)both suffered data breaches last May. Equifax announced in 2017 that a massive data breach compromised the personal information and credit card details of 143 million Americans and 100,000 Canadians. In August 2018, 20,000 Air Canada customers learned their personal data may have been compromised following a breach in the airline's mobile app.
