Deszardins | Personal data leakage at the Vieux-Longueuil cash register

Hugo Jonkas
Tap

An employee mistakenly sent their personal information to six Kais clients. The leak contains their dates of birth, account numbers and contact details. “It was an isolated incident and a human error that had no malicious intent,” said Chantal Carbeil, a spokesman for Desjardins.

The author of the leak wanted to send information about the administrative process to the six members, but he got the wrong file. Instead, according to the movement’s descriptions, he sent “a list of clients from his portfolio that he uses during his work.”

Tap Received a letter received by one of the victims of the violation. It was June 16, more than two months after the events. Missive indicates that Desjardins could not confirm that the confidential information sent by mistake was destroyed. “Unsuccessful, comprehensive steps have been taken to ensure the removal of the email,” explains the letter, signed by Rene Calfott, Acting General Manager of the Viox-Longuil Fund.

“Communication Problems”

Desjardines confirms that 200 security breach victims have been notified. Affected member who joined Tap Miracles, however, led him to tell Kaisse about the April 9 incident. “There’s a communication problem, it doesn’t work, this is the case! Pierre Gautier said. How did it take two months for the letter to arrive?”

The letter did not mention the other victims of the leak. “It feels hollow, it’s a reassuring letter,” he said.

Very accessible

Chantal Carbail emphasized that, in contrast to the 9.7 million people’s data stolen during the massive theft of confidential data announced by Deszardins in 2019, the erroneous employee had “legal access” to information sent “as part of his job”.

However, according to Nicholas Vermees, an information security expert at the Faculty of Law at the University of Montreal, the error can be prevented by relatively simple security measures. “The list has enough access to email,” he says. She should have good protection. The professor said that such information does not have to end up on the employee’s hard drive, otherwise a password is required to view it.

The financial institution said the employee behind the leak reported his mistake to management. “Kais immediately followed this policy and immediately called the various stakeholders needed from the Desjardines,” Chantal Carbeil wrote.

The movement emphasizes that there is “increased surveillance” on credit products owned by victims in the financial institution.