OTTAWA — The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector.
In a report today, privacy commissioner Daniel Therrien says Desjardins did not demonstrate the level of attention needed to protect the sensitive personal information entrusted to its care.
The incident compromised the data of nearly 9.7 million Canadians.
Therrien says that for at least 26 months, a malicious employee was siphoning sensitive personal information collected by Desjardins from customers who had purchased or received products through the organization.
The commissioner says the investigation into the breach sheds light on the risks of internal threats, whether they are intentional or not.
Therrien’s office and the Commission d’accès à l’information du Québec, which also published its decision today, co-ordinated their respective probes.
This report by The Canadian Press was first published Dec. 14, 2020.