CBC News | John Lancaster | Dec 2, 2019

As Quebec police continue to investigate the massive Desjardins security breach, one family who banks with the credit union is wondering whether their personal information may have made it into the hands of a Toronto woman that police have described as a "professional" and "prolific" fraudster.

Five members of one family near Kapuskasing, Ont., about 800 kilometres north of Toronto, have filed numerous police reports after someone took out thousands of dollars in loans, credit cards and purchased a car — all using the identity of a 26-year-old female family member.

"She's going to be stuck with this the rest of her life. She's going to have to monitor her credit for the rest of her life. She's even thought of changing her name. It's life-changing," said the woman's mother, speaking about the bills racked up in her daughter's name.

"We were wondering who can do that? What do they look like? How do they pass for her?"

The family has asked to not be identified, due to the privacy breaches they've already suffered and the fact no arrests have been made. They provided CBC News with dozens of documents outlining the apparent identity theft.

See:  Capital One data breach shows why it shouldn’t be a tech company that does banking

The whole family banks with Desjardins and were notified in June that each of their personal information had been stolen as part of a data breach affecting all 4.2 million members of the Quebec-based credit union — considered to be one of the largest corporate data thefts in Canadian history.

That same month, a series of loans and purchases were made by someone using the daughter's identity.

Condo address as link?

The family reached out to CBC News after our investigation last month revealed that a Toronto woman named Deborah Oguntoyinbo is facing more than 50 fraud-related charges, allegedly involving the stolen identities of some 20 women.

She was previously living in a 22nd-floor condo unit at 50 Forest Manor Rd. in Toronto.

The northern Ontario family says they've learned that whoever stole their daughter's identity fraudulently purchased auto insurance in her name using the same Toronto condo address.

CBC has also since uncovered information that shows Oguntoyinbo rented the condo using an identity stolen from yet another woman.

Oguntoyinbo has been convicted of more than a dozen fraud-related charges and is currently facing more than 50 additional charges in Toronto, as well as in the nearby York, Peel and Halton regions.

See:  Black Friday, data concerns, online sales: 5 killer stats

It's alleged she's stolen the identities of some 20 women, draining their bank accounts and leasing homes and cars in their names. In many cases, the alleged victims' credit ratings have been destroyed.

Continue to the full article --> here

Montreal Gazette | Frédéric Tomesco  | Nov 1, 2019

The data breach at Canada’s largest financial co-operative keeps getting bigger (now 4.2 million)

All of Mouvement Desjardins’s individual members — 4.2 million people — have had their personal information compromised as a result of the actions of a single employee, who has since been fired, chief executive officer Guy Cormier said Friday. That’s about 56 per cent more than the total Desjardins first disclosed June 20.

With the Sûreté du Québec having shared its findings with Desjardins on Thursday, “it was important for me to inform our members as quickly as possible,” Cormier said Friday morning at a hastily called news conference in Montreal.

See:  Canada’s “spare change” saving and investing app gets backing from National Bank and Desjardins Capital

“Today it feels like I’m repeating a movie,” he said. “This is not a new breach.”

Autorité des marchés financiers, the province’s financial markets regulator, said it was informed of the latest developments at the end of the day Thursday.

“This is a very serious situation that the AMF has kept a careful watch on from the outset,” the regulator said Friday in a statement. AMF “is staying in close contact with Desjardins in order to obtain all the necessary information regarding this new development.”

Quebec Finance Minister Eric Girard went one step further, calling the incident “extremely serious.”

The provincial government “understands the concerns of the citizens, and we are acting,” he told reporters Friday afternoon in Quebec City. Still, he acknowledged, “we don’t know at this stage what proportion of the stolen data was sold.”

Girard, one of three ministers in the provincial government who are looking after the Desjardins file, said he’s preparing a bill of law to better regulate credit-rating agencies. Justice Minister Sonia LeBel, meanwhile, is working to improve the protection of personal data.

Cormier declined to give details on the police investigation, citing the sensitivity of the matter. As of now, only one suspect who worked at Desjardins is being linked to the breach, he said, without identifying the individual.

Reached by the Montreal Gazette, a spokesperson for the SQ declined to provide details of the investigation Friday.

In June, Desjardins said the names, dates of birth, social insurance numbers, addresses and phone numbers of about 2.7 million individual members were affected, plus 173,000 business customers.

Passwords, security questions and personal identification numbers weren’t compromised, Desjardins stressed at the time. It blamed the breach on an “unauthorized and illegal use of internal data” by the former employee.

Desjardins has seen no spike in fraud since the breach was disclosed, Cormier said Friday. Between 250 and 350 people have called the co-operative’s hotline every week to request information, he said.

Continue to the full article --> here