(Reuters) - Canadian lender Desjardins Group said on Thursday an unauthorized use of internal data by an employee led to breach of personal information including social insurance number, address and details of banking habits of more than 2.9 million members.
The issue came to light after Quebec’s Laval police contacted the company confirming that personal details of its members had been shared with individuals outside the organization.
Desjardins, the largest association of credit unions in North America, said the concerned employee has been fired and as a precautionary measure it will offer affected members a credit monitoring plan and identity theft insurance for 12 months.
Last year, Bank of Montreal and Canadian Imperial Bank of Commerce said that cyber attackers may have stolen data of nearly 90,000 customers in what appeared to be the first significant assault on financial institutions in the country.
This story corrects to “last year” from “last month” in paragraph 4
Reporting by Arundhati Sarkar in Bengaluru; Editing by Arun Koyyur