BreachExchange mailing list archives
Desjardins had 'series of gaps' in system, leading to massive data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 14 Dec 2020 09:27:33 -0600
https://www.yahoo.com/entertainment/desjardins-had-series-of-gaps-in-system-leading-to-massive-data-breach-144930455.html Desjardins had a “series of gaps” in its systems that failed to meet the requirements under Canada’s privacy act to protect 9.7 million Canadians after a data breach, Canada’s privacy watchdog says following an investigation. The investigation’s results, released today, said the financial services cooperative did not have proper policies and procedures for managing personal information; access controls and data separation was inadequate; employee training and awareness were lacking; and the bank did not put a retention period or procedure with respect to the destruction of personal information. “Desjardins did not demonstrate the appropriate level of attention required to protect the sensitive personal information entrusted to its care,” Daniel Therrien, Canada’s privacy commissioner, said in a release. “The organization’s customers and members, and all citizens, were justifiably shocked by the scale of this data breach. That being said, we are satisfied with the migration measures offered to those affected and the commitments made by Desjardins.” The data breach took place last summer, when an employee leaked names, addresses, social insurance numbers, birth dates, email addresses, and information about users’ transaction habits. At the time, Desjardins confirmed that it had not been a target of a cyberattack and that the employee had been fired. Desjardins did recognize some of its security weaknesses, the release said, but “failed to rectify the issues in time to prevent what happened.” “Moreover, the breach occurred over more than a two-year period before Desjardins became aware of it, and then only after the organization had been notified by the police,” the release said. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Desjardins had 'series of gaps' in system, leading to massive data breach Destry Winant (Dec 14)