Desjardins says personal data of 2.9 million members breached | Zag Bank | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Desjardins says personal data of 2.9 million members breached
June 20, 2019
12:59 pm
Brimleychen
Member
Members
Forum Posts: 229
Member Since:
September 5, 2013
sp_UserOfflineSmall Offline
June 20, 2019
1:29 pm
Doug
British Columbia, Canada
Member
Members
Forum Posts: 2874
Member Since:
December 12, 2009
sp_UserOfflineSmall Offline

Unless specifically stated, I would say no because Zag Bank was a fully separate subsidiary, with entirely different banking systems and an online banking interface. Its I.T. infrastructure and databases were completely separate. So, unless the Desjardins' release specifically mentions Zag or other subsidiaries, I would say no.

On a related note, Zag Bank has wound down substantially all of their non-registered and registered GICs, save for maybe $200-300,000 in mostly RRSP/TFSA GICs, and maybe $15-25,000 in non-registered GICs. On mortgages, they've got maybe $100-200 million in mortgages outstanding, so I could very easily see them be fully wound down by the end of 2021 or 2022, if not sooner depending if they decide to sell off the remaining run-off mortgage portfolio to a larger player (i.e., First National, or to Desjardins itself) as a play to capture new business come renewal time. RBC Royal Bank did this with Ally when they closed Ally HISAs immediately at closing and had RBC Royal Bank assume any registered plan GICs. RBC Auto Finance also assumed the auto finance loan operations of Ally Canada. With regard to Ally mortgages, in a separate transaction, which were mostly securitized off-balance sheet, were sold (i.e., servicing rights and administration) to MCAP. Before the end of 2014, RBC was able to fully dissolve ResMor Trust Company.

Cheers,
Doug

June 20, 2019
4:25 pm
Briguy
Member
Members
Forum Posts: 258
Member Since:
March 17, 2018
sp_UserOfflineSmall Offline

https://www.cbc.ca/news/canada/montreal/desjardins-data-breach-1.5183297

It was revealed that over 40% of members of Desjardins had their information stolen by an employee including names, addresses, birth dates, social insurance numbers, email addresses and information about transaction habits.

June 21, 2019
1:35 pm
Saver-Mom
Member
Members
Forum Posts: 267
Member Since:
December 12, 2015
sp_UserOfflineSmall Offline

For those whose info was compromised, Desjardins initially offered to cover the cost of Equifax’s credit monitoring plan for a year, but have quickly upped the offer to five years of coverage. They are sending letters out to those concerned. Their phone lines are overcome.

June 21, 2019
6:51 pm
Bill
Member
Members
Forum Posts: 1409
Member Since:
September 11, 2013
sp_UserOfflineSmall Offline

In our open society there's no defence against embedded (criminal, terrorist, enemy nations, etc) employees, I'm guessing this will be a growing reality in the future and we'll just get used to it.

June 21, 2019
7:30 pm
Saver-Mom
Member
Members
Forum Posts: 267
Member Since:
December 12, 2015
sp_UserOfflineSmall Offline

From CTV: Desjardins Group is facing a legal backlash after a class-action lawsuit has been initiated in connection with a data breach affecting nearly three million members.
The proposed class action, filed in Quebec Superior Court on Friday, alleges the co-operative financial group was negligent in safeguarding its members' personal and financial information.

What impact will this have?

June 21, 2019
7:52 pm
AltaRed
Member
Members
Forum Posts: 895
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

I suspect the proposed class action suit will not be certified to proceed, or be without merit.... provided Desjardins had reasonable business controls in place to try and prevent such internal activity. There is not much a company can be held liable for, i.e. in terms of negligence, if a number of employees conspire to circumvent reasonably robust business controls.

FWIW, I was a participant in the Equifax credit monitoring plan for a year as a result of the Home Depot breach. Not sure I was overly impressed with it, but I did continue at my own cost for a further 18 months, just in case the perpetrators were waiting for the one year freebie was the starting gate for the sale of stolen information. At 15.95/month, it was expensive credit monitoring, though I suppose I could have downgraded to a $10 or $12 plan.

June 21, 2019
8:01 pm
Saver-Mom
Member
Members
Forum Posts: 267
Member Since:
December 12, 2015
sp_UserOfflineSmall Offline

Of the three Desjardins clients I know, 1 was compromised.
Wonder if this will have a major impact on bank’s viability or if a run could occur.

June 22, 2019
5:13 pm
Loonie
Member
Members
Forum Posts: 5404
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

As I heard it, the accounts themselves were not as vulnerable as the people's identities. If I were a Desj customer, I'd be more worried about identity theft than about the account. There's nothing you can do to change your birthdate. Maybe govt should consider a mechanism to issue new SINs in such cases?

The issue was a rogue employee and other employees who may have been unwittingly involved by sharing their passwords with that person, as I heard it. All of this was in violation of company policy. There might be arguments about how well that policy was disseminated or written etc., but it ought to be obvious in my view.
However, it could be argued that Desj should have realized that there was a problem in the pattern of PW use, I suppose; and supervisory negligence could potentially be an issue. It could also be argued that they did inadequate employee screening.
I wouldn't throw the class action out the window just yet, but I am not a lawyer.

June 23, 2019
10:56 am
Bud
Member
Members
Forum Posts: 563
Member Since:
February 20, 2018
sp_UserOfflineSmall Offline
July 15, 2019
9:44 am
Brimleychen
Member
Members
Forum Posts: 229
Member Since:
September 5, 2013
sp_UserOfflineSmall Offline

Desjardins to offer all members free, lifelong protection after data breach
https://www.cbc.ca/news/canada/montreal/desjardins-data-breach-protection-1.5212030

July 15, 2019
11:17 am
Nehpets
Ontario
Member
Members
Forum Posts: 532
Member Since:
December 20, 2016
sp_UserOnlineSmall Online

Brimleychen said
Desjardins to offer all members free, lifelong protection after data breach
 

Yes, but does that apply to clients of the now defunct ZAG bank??

Were clients of ZAG implicated in the breach?

Stephen

July 15, 2019
1:53 pm
AltaRed
Member
Members
Forum Posts: 895
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

I've not been notified from Desjardins so assume Zag was not compromised.

July 15, 2019
7:09 pm
Briguy
Member
Members
Forum Posts: 258
Member Since:
March 17, 2018
sp_UserOfflineSmall Offline

AltaRed said
I've not been notified from Desjardins so assume Zag was not compromised.  

Not being notified just means you weren't one of the 40% of the clients whose identity was stolen. That doesn't necessarily mean other Zag clients are in the clear, although common sense says they would be since it's a different bank. It'd be interesting to find out if a Zag client's identity was stolen for possibly some other reason if Desjardins would pay to defend them and assist them. I'm a Desjardins credit union customer who didn't get the email either, but I certainly will keep my account active just in case I get my identity stolen in the future. I might even take out one of their credit cards, which is why I had opened up the account to begin with, but hadn't gotten around to applying for the card yet.

July 15, 2019
7:56 pm
AltaRed
Member
Members
Forum Posts: 895
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

True but there has been no indication from Desjardins that the Zag database was compromised nor has any former Zag client come forward yet about being compromised. I am not sweating it.....

Please write your comments in the forum.