Desjardins to pay nearly $201M in settlement related to 2019 data breach

Financial services firm Desjardins Group will pay up to nearly $201 million to settle a class-action lawsuit related to a data breach in 2019 that affected nearly 9.7 million Canadians.

The agreement, which is subject to approval by the Quebec Superior Court, would allow eligible individuals who were affected by the privacy breach announced in June 2019 to receive a payment.

The settlement applies to members and former members as well as clients and former clients of the financial co-operative who have held Desjardins credit cards or financing products.

Read more:

Data breach at Desjardins caused by series of gaps, privacy watchdog says


Desjardins says there’s no need for people to contact it before the agreement is approved and a claims process begins.

Story continues below advertisement

Plaintiff law firms Siskinds Desmeules and Kugler Kandestin say the agreement provides compensation for loss of time related to the personal information breach, as well as compensation for identity theft.

Click to play video: 'How to better protect yourself from data hacking'

How to better protect yourself from data hacking

How to better protect yourself from data hacking – Jul 31, 2019

It also provides members Equifax credit monitoring service coverage for five years, and an extension by at least five years of the other protective measures implemented by Desjardins following the breach.

A report by the federal Privacy Commissioner attributed the data breach to a series of technological and administrative gaps at Desjardins.

Read more:

Desjardins Group says 2019 theft of 4.2 million members’ data cost $108 million

For at least 26 months, a rogue employee siphoned sensitive personal information collected by Desjardins from customers who had purchased or received products through the organization, a report by the commissioner found.

Story continues below advertisement

For some, the data included first and last names, dates of birth, social insurance numbers, street addresses, telephone numbers, email addresses and transaction histories.

The breach occurred over more than a two-year period before Desjardins became aware of it, and then only after the organization had been notified by police, he added.

© 2021 The Canadian Press