The Quebec-based Desjardins Group has admitted to being victimized by the largest data breach in Canadian history.
Laval police informed the financial-services giant that personal information of more than 2.9 million members has been shared with people outside of the organization.
This includes 2.7 million people and 173,000 businesses.
"This situation is the outcome of unauthorized and illegal use of our internal data by an employee who has since been fired," Desjardins said in a statement. "In light of these events, and given the circumstances, additional security measures were put in place on all accounts."
Desjardins, which is the largest federation of credit unions in North America, will be informing people by letters if they've been affected.
Leaked data included first and last names, birthdates, social insurance numbers, addresses, phone numbers, email addresses, and details about banking habits.
However, passwords, security questions, and PINs [personal information numbers] were not disclosed.
The cooperative also includes insurance, real estate, venture capital, and brokerage divisions.
"I'd like to reassure our members and clients: their accounts and assets with Desjardins are protected in the event of fraud," group president and CEO Guy Cormier said in a statement. "If they suffer a financial loss as a result of this situation, they will get their money back. We regret this situation and are making every effort to ensure that it doesn't happen again."
Members and clients who have questions are being encouraged to call 1-800-CAISSES [224-7737] from 9 a.m. to 9 p.m., seven days a week.
The largest data breach in history occurred in 2013 when three billion Yahoo accounts were hacked. The following year, 500 million yahoo accounts were hacked.
In 2019, information was leaked on 540 million Facebook users due to poor security.