Canadian lender Desjardins Group has confirmed that the personal data of over 2.9 million of its members has been compromised.
The breach is said to be the result of an employee’s illegal use of internal data.
The employee, whose name was not disclosed, has been dismissed.
The breach leaked personal details such as last name, date of birth, social insurance number, address, phone number, email address as well as banking habits.
However, Desjardins assured that the incident did not affect its computer systems.
Passwords, security questions, and PINs were said to be unaffected by the incident, which affected 2.7 million individual members and 173,000 business members.
Desjardins Group president and CEO Guy Cormier said: “I’d like to reassure our members and clients: their accounts and assets with Desjardins are protected in the event of fraud.
“If they suffer a financial loss as a result of this situation, they will get their money back.
“We regret this situation and are making every effort to ensure that it doesn’t happen again.”
The lender said that it has deployed additional security measures to protect customers. One of these measures is to enhance procedures for authenticating customers.
Affected members will secure a credit monitoring plan and identity theft insurance for 12 months. This will be paid for by the lender.