Five more people were arrested last week by Quebec provincial police in connection with a data theft and fraud case involving the co-operative group Desjardins.
The alleged mastermind of the multi-million dollar case is a 42-year-old who worked in the company’s marketing department until 2019.
The five accused are each facing charges of fraud, identity theft and trafficking in identity information.
Meanwhile, three other people were arrested for allegedly using the stolen data to commit $8.6 million in fraud between 2018 and 2019.
It’s just the latest high-profile case involving the theft of personal information and fraud from a major organization.
(File Photo)
Local privacy consultant Dave Morgan of Morgan Privacy Consulting says while many businesses and organizations are focused on cyber attacks from unknown criminal elements, this case is different.
He says there have been plenty of stories in recent years of ransomware and cyberattacks where criminals either steal information or encrypt information and seek a huge ransom to get it back. “In this case, they had an internal employee who stole that information, and then that information was sold to other people who used that to commit fraud.”
The more sensitive the information, the greater the threat, says Morgan, but that doesn’t mean that a business that limits access to sensitive information is in the clear.
“Different businesses have different types of data, so if a business or organization doesn’t have sensitive information, then they’re likely a lot safer,” says Morgan, “but it’s important to recognize that every organization likely has employee information, so they have taxation forms, they have HR files, that sort of thing. So there are always threats against every business.”
