There appears to be more movement in the Desjardis data breach. The company has now apparently fired the COO and head of IT.
There is more fallout from the Desjardins data breach. Back in June, the personal information of the then reported 2.7 million customers had their personal information. Desjardins said at the time that a former employee obtained that information at the workplace and walked off the premises. The explanation had people questioning how it is possible that a single employee could have access to all that data like that.
Things grew quiet on that story for a while, but then grew legs starting in November. That was when the number of affected customers grew to 4.2 million. For some, this sounds like one of the stories where the number of affected just keeps spiralling upwards. In this case, that isn’t happening because that number represents their entire customer base. In short, there is nothing left that could be affected.
Later on last month, after so much foot dragging, the Quebec government, the Canadian province this company is based in, announced that they will investigate. Opposition party members questioned whether or not this inquiry will go far enough.
Now, it appears that there is more dramatic fallout from the data breach story. The companies Chief Operating Officer (COO) and their head of IT is now gone. From CTV:
Chief operating officer and executive vice president Denis Berthiaume, the number two man at Desjardins since 2016, and Chadi Habib, its senior vice president of information technology, are no longer with the company, Desjardins announced Tuesday.
The changes were first announced to employees by Desjardins CEO Guy Cormier and were later made public via a communique.
Desjardins said the departures were a result of “internal verifications” made in light of the data breach, which was made public this past June.
Cormier said the events of the past few months necessitated changes in Desjardins’ senior management.
The article goes on to say that Desjardins also plans on opening up a new security bureau to coordinate security initiatives in the company.
One valid question to ask in all of this is what percentage is this the result of the data breach and what percentage is this because of the ensuing coverage in all of this. At the very least, this announcement was made after the Quebec government said that they were going to be launching an inquiry into the breach. At minimum, this story will likely resurface into the news once the inquiry gets underway. Also at minimum, this is going to represent a low in the companies history. From a PR perspective, it is going to take time after the inquiry just to heal up from the massive blow this is striking the company.
While all of this will likely seem demoralizing for employees of the company, from what we’ve seen in data breaches, things can get a whole lot worse. Earlier this year, we also saw a string of healthcare breaches. Several million patients had their health information compromised in breach after breach after breach. Finally, we found out that the source of the breach revolved around the AMCA which served as a portal service for these health organizations. In spite of the millions in contracts the company had, the breach ultimately caused the company to declare chapter 11 bankruptcy. So, if employees thought things couldn’t get any worse, believe us when we say that we have, in fact, seen much worse.
At this stage, all we can do is watch to see what else unfolds for the company. At the very least, it’s still operating, but it does have a long road ahead of it still.
Drew Wilson on Twitter: @icecube85 and Facebook.