When Alphonse Desjardins started his business on December 6th, 1900, I am sure he never dreamed that 120 years later the company could lose 3 million customer records. You would have needed trucks back then to move those files. Today, a tiny USB stick can do the trick.
Who is Desjardins, you ask? Desjardins is the largest federation of credit unions in North America, with $295.5 billion in assets, and employs over 46,000 employees.
Being in the shoes of Guy Cormier (pictured above), current president and CEO of Desjardins Group, must be difficult to say the least! An employee of Desjardins with criminal intent was somehow able to retrieve and share the information of about 3 million customers with unnamed individual(s). The employee has since been fired and arrested pending charges by Quebec’s Laval police. I can only imagine what Guy Cormier would like to do with the employee who stole the records that will surely affect millions of customers and damage the reputation of the company.
Businesses spend zillions on beefing up their IT Security protection to ensure they keep hackers out and their data safe. However, most security experts know that the weakest link is still the employees as they can unknowingly or knowingly bring malware into the company’s network by simply clicking on the wrong e-mail or accessing the network from some unsecured point.
That said, how can any company protect against a bad employee walking out with data on a USB stick? This brings a whole new level of security concerns into the game of an already secured environment. I would assume that the company’s employees’ access to data will be reviewed to understand how it happened so it may prevent it from happening again. I guess the big question is how could anyone be able to download that many files without getting flagged? I would have assumed that after the first 100 records were downloaded, guns would have been drawn.
Sadly, the breach affects about 2.7 million people and 173,000 businesses. That’s about 40 per cent of the company’s customer base!
Information stolen included names, addresses, birth dates, social insurance numbers (social security), email addresses as well as information about transaction habits. Yikes! What this will mean to these customers and businesses down the road is open for debate, but it will not be good.
When sensitive data like social insurance or social security numbers are stolen, it opens up a whole new can of worms as bad actors can do some serious damage. This is a huge breach and one of the biggest in Canada!
Businesses have to manage security risks from both outside invaders and inside jobs. Is that even possible?
Of course Desjardins is taking this seriously and has already taken initial steps to remediate the problem. They also say that none of their members will lose any money. That is comforting to know, but beyond the money, how will the customers lose time and energy combating any identity theft issues that may arise in the future? If that was not a big enough headache, what about the transaction habits of the customers and how that data could be mined and used? Remember the 87 million Facebook users’ data that were already leveraged for some political interference in the Cambridge Analytica scandal. Just a couple of months ago 540 million records of Facebook users were publicly exposed on Amazon Web Services, but that’s another story.
What I am equally concerned about is how this incident will justify more enhanced monitoring of employees in this and every other company. Corporations will certainly use this as a powerful example to implement more stringent security policies and surveillance of their employees in order to protect their data. How would you like to be an honest employee who now has to put up with the enhanced big brother monitoring?
I don’t know how this could ever be stopped but maybe channel partners may want to get a piece of this revenue opportunity pie by offering employee surveillance solutions to their customers. This problem is definitely not limited to financial institutions!
I don’t know if Desjardins has done anything wrong or could have prevented this from happening. It seems to be a very solid company and I actually know some people who like to bank with them. It happened, now we will see what the company does to fix this, support its customers and not automatically treat all of its other good employees like potential criminals.
If you are a Desjardins customer and want to know more, then visit their special web site.
KEEP IN MIND: Data is the new gold and there is probably no limit to how far bad actors will go to get it! Ultimately, it is up to you to protect your personal data!
You may want to protect your data and privacy always and start by NOT giving up your personal information to companies who just ask for it! Ease up on your social networking, think before adding those popular listening devices in your home and scrutinize the apps that you use. Think twice the next time you buy something at a store and the clerk casually asks you for your phone number or your e-mail address. Remember, as you continue to give up little pieces of your data to different organizations, it does not take much for the data gods to collect all the pieces and stitch them together to get the big picture on you.
It’s like death of your personal identity by a thousand bites!