Skip to main content

Five more arrests, including main suspect, in fraud, data theft at Desjardins

The head offices of Caisse Desjardins are seen, Wednesday, February 24, 2021 in Montreal. (Ryan Remiorz/The Canadian Press) The head offices of Caisse Desjardins are seen, Wednesday, February 24, 2021 in Montreal. (Ryan Remiorz/The Canadian Press)

Quebec provincial police have arrested five people in connection with a multimillion-dollar fraud and the theft of data belonging to almost 10 million clients of the co-operative financial group Desjardins.

Among those arrested, police said Thursday, is the alleged architect of the scheme, Sébastien Boulanger-Dorval, 42, who worked in the marketing department at the financial institution until 2019, the year the theft was discovered.

The four other people arrested are Jean-Loup Masse-Leullier, 32, François Baillargeon-Bouchard, 35, Laurence Bernier, 29, and Charles Bernier, 31. They face charges including fraud, identity theft, and trafficking in identity information.

Police said arrest warrants have been issued for three other people allegedly involved in the crimes at Desjardins: Mathieu Joncas, 38, Maxime Paquette, 38, and Juan Pablo Serrano, 38.

At a news conference in Quebec City on Thursday, provincial police spokesman Benoît Richard said the investigation "shed light on how suspects obtained personal information, the ways in which this personal information was then traded between suspects and how these lists were sold to malicious individuals operating several fraud schemes."

On Wednesday, Montreal-area police said they arrested three other people connected to the case: Ayoub Kourdal, 36; Imad Jbara, 33; and an unnamed third person. Laval police said the three suspects used the stolen Desjardins data to commit fraud totalling $8.9 million between September 2018 and January 2019.

The Office of the Privacy Commissioner of Canada and the Commission d’accès à l’information du Québec published scathing reports in 2020 that concluded Desjardins failed to show the level of attention required to protect its customers' data.

The OPC report said Desjardins notified the federal office on May 27, 2019, about a breach involving close to 9.7 million individuals in Canada and internationally. It found that Desjardins had been aware of the security weaknesses that led to the breach, but failed to address them in time. The breach occurred "over more than a two-year period before Desjardins became aware of it, and then only after the organization had been notified by the police," the report said.

This report by The Canadian Press was first published June 13, 2024. Top Stories

Stay Connected