The June data breach at Desjardins, a Canadian financial firm, affected far more than 2.7 million people, which was reported at the time. That number has now been revised to 4.2 million, the organization’s entire membership base.
The incident was already one of the biggest leaks at a financial institution ever. In June it was already known that this involved, among other things, the name, address, date of birth and information about expenses that the customers have made. However, passwords and pin data have not been stolen, Desjardins said. The development in the case is reason for the government of the province of Quebec to take steps to better protect security and the protection of personal data, Reuters writes.
The data was taken by an employee of Desjardins, who deliberately put them on the street. The Canadian police have now managed to arrest this ex-employee. According to Canadian media, the police are still investigating the matter.
This is not a digital attack. The president of Desjardins said in June that the employee was working in the data department, but did not have access to all the data that was stolen. He would have gained the trust of colleagues and used their access to collect the data and take it with him.