OTTAWA—A parliamentary committee is grappling with the consequences of a major data breach at Desjardins Group.
The breach, revealed in June, affected roughly 2.7 million people and 173,000 businesses.
Desjardins Group said names, addresses, birthdates, social-insurance numbers, and other private information was leaked.
The Quebec-based financial institution said a single employee, who has been fired since the breach was detected in December 2018, was responsible. A police investigation into the incident is ongoing.
John McKay, the Liberal chair of the committee, said prior to the meeting several witnesses were set to appear, including cybersecurity experts from the RCMP, as well as other government officials and Desjardins employees.
Conservative Leader Andrew Scheer has called for the committee to examine whether issuing new social-insurance numbers to Desjardins members could protect them from identity theft and further privacy violations.
Speaking prior to the meeting, Conservative members described the possibility of re-issuing social-insurance numbers as just one of several that they might hear about.
“At the end of this, we’re hoping to get some clarity from witnesses on the way forward,” said Alberta Conservative MP Glen Motz.
“I think it’s important to recognize that many options are available to government” to determine how to mitigate the effects of the breach both to Desjardins’ clients today and Canadians in the future, he said. Asked about Desjardins’ role in the situation, Motz said the financial institution, though it bore some responsibility, “is also a victim in this.”
“We’re here to listen to them, to understand their perspective, and to develop a way forward that is going to be advantageous to all Canadians,” he said.
The NDP member on the committee, Quebec MP Matthew Dube, also said prior to the meeting that it was not necessarily about confronting Desjardins but more about finding a productive way forward.
He added there is clearly an appetite among Quebecers to examine the possibility of changing social-insurance numbers.
Dube did not support the proposal, though, voicing skepticism that the federal government would be able to smoothly execute such a big move.
In addition to the committee’s study, privacy commissioners in Ottawa and Quebec will be working in tandem to investigate the issue and determine whether Desjardins had adequate data-protection policies in place.
Speaking to reporters separately Monday, Desjardins’ chief executive Guy Cormier said 13 percent of the co-operative’s members—more than 360,000 people—had signed up for credit monitoring through Equifax, one measure Desjardins is offering to protect victims of the breach.
Desjardins says it will offer any clients who were victims of identity theft access to lawyers and experts and reimburse them for certain expenses incurred as a result of such a theft.