Quebec-based Desjardins Group is the biggest conglomerate of credit unions in North America, that includes Desjardins Insurance, The Personal, Zag Bank, and others in its portfolio of businesses.
Guy Cormier, the president and CEO of Desjardins Group, announced on Thursday, June 20, that an employee has improperly accessed and shared information. This has led to the private information of 2.7 million customers and 173,000 businesses being shared with people outside the organization. This was not a cyber attack. But that does not make it sound any better. It actually makes it worse. Why?
A company can put in a firewall, invest heavily in cyber security and other counter measures to stop a cyber attack. But when an employee shares, wittingly or not, login info or other private information, there is no counter measure. That employee has been fired. But the damage has already been done.
This highlights the importance of ensuring that staff is trained in cyber security, privacy, and spotting phishing emails as well as other spam. Every employee should be aware of the real dangers of sharing, deliberately or not, passwords and usernames.
The shared information includes names, phone numbers, social security numbers, email addresses, info about transaction habits, etc. What you would need for identity theft. According to Cormier, login data has not been compromised. If that is any consolation.