MONTREAL — Desjardins Group says the personal information of more than 2.9 million of its members has been shared with individuals outside of the organization.
The Quebec-based financial institution says the breach affects 2.7 million individual members and 173,000 business members.
It says the situation is the result of unauthorized and illegal use of its internal data by an employee who has since been fired.
Personal members may have had several pieces of personal information released including their name, date of birth, social insurance number, address, phone number, email address and details about their banking habits.
The company says passwords, security questions and personal identification numbers were not compromised.
Desjardins noted the incident was not the result of a cyberattack and that its computer systems were not breached.