author photo
By SecureWorld News Team
Fri | Jun 21, 2019 | 2:11 PM PDT

They are words a CEO never wants to write.

"This situation is the outcome of unauthorized and illegal access to our internal data by an employee who has since been fired."

Desjardins, Canada's largest credit union and the world's fifth largest, announced the damage from an insider threat.

A total of 2.9 million customers had data collected and shared outside the company by a now former employee.

CBC News captured the emotion of the moment for Guy Cormier, President and CEO of Desjardins Group, who said the following when he announced the breach:

"I won't say all the words that I have in mind at the moment, because I know I'm in front of television cameras."

He went on to announce five years of free credit monitoring for those impacted by the data breach.

Insider threats: Ponemon Institute surprise results

Dr. Larry Ponemon says he recently came across surprising findings about companies and the insider threat. 

We interviewed him before his keynote at a regional SecureWorld conference.

Dr. Ponemon's research revealed that many companies actually make a decision to discount red flags involving current employees and insider threats.

"We found that companies err on the side of goodness. They don't want to accuse somebody without full evidence of a crime, so they write it off as negligence," he told SecureWorld. 

"And we discovered insider threats are not viewed as seriously as external threats, like a cyber attack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever."

We know this much: police started investigating the case about six months ago. It's unclear why the employee, the insider threat, kept access for so long during the research into unusual activity.

Desjardins warns about phishing attacks following data breach

Now the credit union is warning customers that the data breach will likely lead to additional cybercrime attempts against customers:

desjardin-credit-union-breach-phishing

For more coverage on Insider Threats, see our topic tag here.

Comments