Information belonging to over a million Quebec residents from the 2019 Desjardins data breach has resurfaced on the dark web. This alarming development raises concerns about identity theft and cybersecurity. An expert indicates that the risk associated with this information is now greater than it was six years ago.
Details of the Data Breach
The information, which includes social security numbers, birth dates, and full names, can be accessed through a specific URL and a Tor browser. Reports confirm that the file was still available for download as recently as Sunday. Jean Loup Le Roux, a cybersecurity expert, remarks that such detailed data provides a “starter kit” for fraudsters.
Cyber Extortion Threat
The cyber extortion group known as Coinbase Cartel is reportedly behind this data publication. They demand a ransom from Desjardins and threaten to release further information on 9.7 million accounts if their demands are not met. However, a spokesperson for Desjardins, Jean-Benoît Turcotti, states that these claims are unfounded and that they will not comply with the ransom request.
Investigation Status
The Sûreté du Québec is investigating the situation seriously. Lieutenant Grégory Gomez del Prado confirms that they are aware of the Coinbase Cartel group. He asserts that the current data leak is tied to the 2019 incident, not a new breach.
Potential Risks and Recommendations
The resurfaced data suggests a heightened risk of identity fraud. Experts advise maintaining vigilance and monitoring credit reports closely. Stéphane Auger, an IT and cybersecurity firm vice president, emphasizes that once information is disseminated online, it can re-emerge at any time. He suggests the importance of identity surveillance services, especially as the complimentary service provided by Desjardins has expired for many members.
Advice for Affected Individuals
- Monitor your credit report regularly.
- Consider placing a credit freeze with major agencies like TransUnion and Equifax.
- Call Desjardins to restrict foreign transactions if not traveling.
- Utilize two-factor authentication apps for additional security.
Historical Context of the 2019 Breach
The original breach occurred on June 20, 2019, when an employee of Desjardins unlawfully accessed sensitive customer data. The former president of Desjardins assured that such incidents would not happen again. In the subsequent years, security measures have been reassessed, particularly with respect to identity protection for clients affected by the breach.
Upcoming Legal Actions
On June 13, 2024, there are plans to arrest individuals allegedly involved in the data exfiltration. Furthermore, a deadline for claiming compensation due to identity theft from a class action against Desjardins is set for October 20, 2025.
This recent development indicates the persistent issues surrounding data security and identity theft. As the situation evolves, both organizations and individuals must remain aware and proactive in protecting their data.
