The sensitive personal information of more than one in three Quebecers is now freely accessible on the dark web . The publication of this data, originating from the 2019 Desjardins data breach, by the Coinbase Cartel hacking group represents a greater danger than ever before, according to cybersecurity experts.
Data from nearly four million customers published
By first publishing the data of one million Desjardins customers a few weeks ago, the group of hackers threatened Desjardins with publishing the entire dataset in its possession if the cooperative did not transfer a large sum of money to it.
The sensitive personal information of more than one in three Quebecers is now freely accessible on the dark web . The publication of this data, originating from the 2019 Desjardins data breach, by the Coinbase Cartel hacking group represents a greater danger than ever before, according to cybersecurity experts.
By initially publishing the data of one million Desjardins customers a few weeks ago, as reported by La Presse , the group threatened Desjardins with the release of its entire dataset if the cooperative did not transfer a substantial sum of money. Coinbase Cartel has now followed through on its threats.
The cyber extortion group published an Excel file on the dark web last Sunday containing, among other things, the social insurance numbers, dates of birth, and names of 3.8 million Desjardins customers, including 3.6 million Quebecers. This number includes the first million customers affected by the data breach.
When consulted by La Presse , the document was accessible in a few clicks, with the correct URL link and a Tor browser, which allows access to the dark web .
"There are so many potential frauds stemming from this leak," says Jean Loup Le Roux, president of the cybersecurity firm MAGNA. "The risk for customers has just multiplied."
Ryan Zorn, president, CEO and founder of CyberAGroup, which notably provides open-source intelligence services to the federal government, echoed this sentiment.
"This data was circulating only within a small network of criminals [before last month]. Now, all malicious individuals online have access to it," warns the expert, whose work involves monitoring the online underworld, on the dark web or platforms like Telegram and Signal, for example.
Desjardins spokesperson Jean-Benoît Turcotti believes that this data "was already available to people who wanted to acquire it."
Protected customers?
"The main thing to remember is that Desjardins members and clients remain protected," said Mr. Turcotti in a telephone interview. "Desjardins Protection guarantees a refund in the event of an unauthorized transaction in the accounts, supports members in the event of identity theft and allows monitoring of their Equifax and TransUnion file directly in AccèsD with alerts in the case of TransUnion," explains the spokesperson for the Quebec cooperative.
However, this protection would not be sufficient to safeguard victims of data breaches, according to expert Jean Loup Le Roux. "I could, just off the top of my head, cite twenty or thirty risk scenarios that don't necessarily involve credit reports."
Jean Loup Le Roux is calling on Desjardins to change its stance regarding the reappearance of this data: "At least, don't downplay the impact this has on citizens."
"Such data could be used by malicious individuals to commit all sorts of abuses, terrorism for example," Ryan Zorn also points out.
La Presse was able to confirm the presence of data from several prominent Quebecers in the political, artistic or media spheres.
A call to malicious employees
Coinbase Cartel left a short message in the same folder as the sensitive data: "We are looking for privileged contacts within large companies. Our strong reputation guarantees security and significant compensation. Contact us to discuss."
"This is the first time I've seen such a solicitation within the company," reacted Ryan Zorn, whose job exposes him to such cyber extortion attempts.
The entire Desjardins data breach affair reportedly began with an employee who had access to the information as part of their job, and who then exfiltrated it.
I think this is just the beginning of this new trend of insider threats. Companies should focus on this aspect of cybersecurity.
Ryan Zorn, President, CEO and Founder of CyberAGroup
To do this, organizations can implement a "layered system of measures, procedures, techniques, human resources, and threat intelligence to try to reduce [their] risk," says cybersecurity expert Jean Loup Le Roux. "But it will never be zero. Why? Because of MICE."
MICE is an acronym that details the various reasons why an individual might betray their employer: money, ideology, coercion, and ego – the acronym comes from the English words money , ideology , coercion , and ego .
According to Jean Loup Le Roux, good management of internal threats in sectors considered sensitive, such as defense or the financial sector, therefore implies a background check of employees, for example.
Labeling data according to its sensitivity level then makes it possible to identify unusual behavior. For example, "if an employee sends a very large file of sensitive data at 3 a.m.," a computer program would be able to identify the risk.
The Desjardins spokesperson is keen to emphasize that the cooperative employs "more than 1500 employees whose job is to protect the personal information of Desjardins members and clients from both external threats and internal threats" and that Desjardins employees only have access "to the data they need to have access to," and no more.
Another leak?
Coinbase Cartel has promised to release new data from Desjardins, which would be recent this time.
“Is this group a credible group? We at Desjardins have our opinion. We are talking about a group that retrieved data that was already available, tried to pass it off as new data, and finally confirmed that it was data from 2019,” said Jean-Benoît Turcotti in a telephone interview.
The cyber extortion group stated earlier in October that the data it was publishing was recent, whereas it now admits that it comes from the 2019 leak.
With the special collaboration of Jean-Hugues Roy
La Presse is Quebec’s most widely read digital news source, reaching approximately 4 million readers each month—about 60% of Quebec’s adult population. It is the largest independent French-language newsroom in North America, and its influence, audience engagement, and reputation make it one of the most important media outlets in Canadian journalism today.