A massive data breach last year at Desjardins credit union has turned out to be bigger than originally thought, affecting all 4.2 million of its customers, Canada’s largest banking co-operative said Friday.
Quebec provincial police “informed us that this breach of personal information concerns a greater number than that which was communicated in June,” Desjardins president and chief executive Guy Cormier told a news conference.
“It is 4.2 million, so all of our individual members, who are affected,” he said.
Desjardins discovered the unauthorized access to its members’ information in December 2018, but it was only confirmed by police in June.
The credit union said at the time that an employee — who has since been fired — had stolen the personal banking information of 2.9 million customers and distributed to outside parties.
The information theft included names, dates of birth, contact information and banking habits.
Passwords and other security information however were not compromised.
Desjardins reassured its customers that it would provide support — including both financial redress and the services of lawyers and psychologists — in the event of fraud or identity theft related to the data breach.
Police say the fired Desjardins employee is still the only suspect.