Desjardins: one year later than withholding data leak

Yesterday, it was a year to the day that the Canadian company in Desjardins was the victim of one of the largest data thefts in Quebec's history.

What was learned from this great computer incident. Would there be improvements in people's data protection. Is there still progress to be made in this area? questions that are asked at the same time, individuals specialists and authorities.

This article will also interest you: Desjardins: data theft wasn't just about the Canadian bank

Over the past year, the Legault government has continued to multiply initiatives while improving the security of personal data in Quebec citizens and the cybersecurity of computer infrastructure. This is clearly established in his promise of digital transformation, justifying the appointment of Eric Cairo as delegate.

During December 2019, a bill was proposed to regulate some agencies, particularly those responsible for credit reporting. The purpose of the legislation is to introduce a kind of "safety freeze" to consumers, so that they do not have loans. Since last March with Bill 64, the Quebec government has been placing an even greater emphasis on cybersecurity by requiring all public bodies to provide timely security for the personal data entrusted to them. In addition to public institutions, private organizations are also in the firing line of this new legislative proposal. They face fines of up to $25 million for problems with the protection of their customers' personal information. "It's going in the right direction," says Steve Waterhouse, an information security specialist and professor at the University of Sherbrooke. "It's going to work in the next few years and it's going to help strengthen the security of personal data in Quebec. adds the expert.

For another teacher, Professor José Fernandez, a lecturer in the Department of Computer Engineering and Software Engineering at Polytechnique de Montréal, the Desjardins case was something that would have boosted the protection of computer systems in Quebec, especially authentication. "It's something we didn't talk about three or four years ago, now we're talking about it. Did Desjardins push Quebec to go further? Yes, probably. We are talking about the long winter of artificial intelligence; there has been the long winter of digital identity, hopefully now it may be spring. stresses the Professor.

According to the CEO of cybersecurity company Eva Technologies, Quebec is sufficiently equipped with a fairly strong beacon in terms of authentication, and preservation of digital identity, like of course the driver's license: "We are so close… There is already a barcode at the back, we would only have to make a database with health insurance, we would have the basis of our national identity card. ».

The Desjardins computer incident, which cost the financial institution nearly $108 million and affected 8 million individuals, and not even enough education in The entire computer landscape of Quebec. Indeed, whether it is the authorities companies to the same population, this problem has been enough to raise awareness among all these actors about the danger posed by cybercrime and the important issue of computer security in everyday life. No awareness-raising or even marketing companion would have had as much effect. "When I work for a client, the first thing I ask him is: "Do you want a Desjardins scenario to arrive at your house?", it's a string I don't like to pull, but it's a fact: the Desjardins case serves as a scarecrow… Jean Loup Le Roux, a specialist in computer security, explained. The fact that The data theft experienced Desjardins was thanks to a fairly conventional method already known by security officials and thanks to limited technological tools, cybersecurity was literally demystified. "There has been a lot of noise around the dark web and Chinese or Russian hackers, but the reality on the ground is much more mundane. Someone from the intern had access to far too much information, he exfiltrated it with methods that should have been monitored and sold it to contacts in real life. We start from James Bond scenarios and realize that the reality is often much simpler. adds our specialist.

"Every week there is news on this, Avon, Visa, SMEs, financial institutions… Quebecers understood how vulnerable he was to cyber malice. As Steve Waterhouse notes. Eric Parent, another security professional, added: "It changed the perception of people who thought they were untouchable: everyone was touched, even me who is not a customer."

On the organization's side, Desjardins has announced several reforms within it. The movement even claims to have "increased its internal security, but there is no audit of an independent organization that has been able to confirm this," reports Waterhouse. Last December, the Desjardins movement created a security office. A unit that brings together nearly 900 experts from the company. This office does have within it another unit specifically designed to fight financial crimes, as described by Chantal Corbeil the word of the movement. "For several years, Desjardins has been significantly increasing its investments in information security[plus de 100 millions cette année par rapport à 70 millions l’an dernier]. We will continue to do so," she added.

Now access an unlimited number of passwords: