Skip to main content

Desjardins president and CEO Guy Cormier speaks at a news conference in Montreal on June 20, 2019.Paul Chiasson/The Canadian Press

Desjardins Group is facing a legal backlash after a pair of class-action lawsuits were initiated in connection with a data breach affecting nearly three million members.

Filed in Quebec Superior Court, the proposed class actions allege the financial co-operative either violated its members’ privacy rights or showed negligence in safeguarding their personal and financial information.

Desjardins chief executive Guy Cormier said on Thursday a former employee shared the personal information of more than 2.9 million members with third parties outside of the organization.

Desjardins Group suffers massive data breach of 2.9 million members by rogue employee

The data includes social-insurance numbers, names and addresses, and affects 2.7 million individual members and 173,000 business members.

One application, filed on Thursday by law firm Siskinds Desmeules on behalf of a Quebec City resident, seeks compensatory and punitive damages.

The other, filed on Friday by the law firms LPC Avocat and Kugler Kandestin on behalf of a Montrealer, says the fact that additional security measures were implemented following the internal breach suggests Desjardins failed to live up to its obligations and owes the applicant $300, plus damages.

On Friday, Desjardins extended its offer to pay for a credit-monitoring plan and identity-theft insurance for affected members to five years, up from the 12 months announced on Thursday.

Quebec’s financial watchdog is warning Desjardins members they may be the target of fraudulent e-mails, texts and phone calls.

“Fraudsters may be tempted to contact you to extract personal information under the pretext that they are doing so in connection with security measures or updates stemming from the incident discovered on June 20, 2019,” the financial markets regulator said in a release.

The first proposed lawsuit notes that the full impact of the “illegal data transmission” – affecting 41 per cent of Desjardins members and first detected in December – remains “unknown.”

“With almost three million individuals and businesses affected, whoever he sold it do or disclosed it to … if that took place … that is a treasure trove to potentially make false refund claims on HST or income tax returns or even insurance,” said Denis Meunier, former deputy director of the Financial Transactions and Reports Analysis Centre of Canada.