After Desjardins announced an insider security breach in June, many have been calling for an emergency meeting to discuss the breach and possible ways to remedy the situation. While some members of the opposition have been calling on the government to issue new Social Insurance Numbers (SIN), a senior official from Service Canada said new insurance numbers would not necessarily stop the fraud, and could result in further errors during the re-issuing process.
Desjardins will offer permanent data protection to all members. Desjardins also committed $50,000 each for clients affected by identity theft, and will offer legal assistance, so rather than clients calling numerous government agencies to resolve the situation, Desjardins will walk them through the process.
Desjardins CEO Guy Cormier was called to testify before the committee. While suggesting it was too early for a full post-mortem, as police were still conducting their investigation, Cormier said the employee alleged to be behind this massive leak of private information broke all of the rules, and as soon as his actions were brought to their attention, Desjardins took action as soon as possible. Further, Cormier also said the current system for identifying Canadians is inadequate for the digital age. Though he didn’t comment on what those new identifiers should be, he suggested the government create an advisory group to consider a new framework on digital data and identity, with the mandate to collaborate with members of the financial, telecommunications, and legal sectors to work on new ways to protect Canadians’ information. "Status quo is not an option," Cormier told reporters following the meeting. He said in today’s world data is so integrated to the economy that "we have to be really, really careful about the people, the companies, and how we manage this data."
In addition to Cormier, Denis Berthiaume, the chief operating officer at Desjardins, also spoke at the emergency meeting. He said the cybersecurity risk posed by employees was one of the most difficult to manage. Former Desjardins CEO Claude Béland, now 87, is also a victim of the breach. He revealed that he recently received several notices for unpaid balances on credit cards that he had not signed up for. Béland wondered if Desjardins does an adequate job screening its employees. Or, according to Berthiaume, if the breach is the result of an employee who managed to violate all those rules and procedures, despite having strong security policies in place.
Employee screening and employee engagement are just another key ingredient in your business’s cyber security procedures. Imagine if you have done everything right in prevent an outside threat, but manage to lose customer data through a rogue employee? While the government and police continue to investigate, it remains to be seen if Desjardins did all they could to prevent this breach from happening, or if major fines will be levied.
Don’t want to have to attend an emergency government meeting to discuss a breach at your business? Contact Uzado today to learn how to protect your customer’s data and your reputation.