The personal information of more than 2.9 million Desjardins members was compromised by an employee, who leaked the data to individuals outside the organization, according to the credit union.
The leak came to light after Laval police approached Desjardins with information showing that the employee, who has since been fired, stole the data of 2.7 million individuals and 173,000 businesses.
Because the leak came from an employee and Desjardins’ computer systems were not compromised, the leak is not classified as a cyber-attack.
Desjardins Chief Operating Officer Denis Berthiaume said no increase in fraud has been detected following the leak. President and CEO Guy Cormier said that any Desjardins member who is financially affected are insured.
"I want to be really clear, our members will be reimbursed. There is no cost for our members. But it's too early right now to measure anything on that," he said.
The credit union said in a statement that additional security measures have been put in place on all accounts and all members affected by the incident will be contacted by mail.
Among the data that was compromised were first and last names, dates of birth, social insurance numbers, addresses, phone numbers, email addresses and details about banking habits.
Passwords, security questions and personal identification numbers were not compromised, according to Desjardins.
The credit union will also offer affected member a free credit monitoring program and identify theft insurance for 12 months as a precaution.