Desjardins, Equifax and Revenus Québec, victims of data theft - Understanding and protecting yourself

Desjardins, Equifax and Revenus Québec, victims of data theft - Understanding and protecting yourself

by Joe Shara on 11/12/2019 |

Updated at 21/09/2021

For several weeks now, Canada has been witnessing a succession of crises concerning the theft of personal data. Just a week ago, there was panic when it was announced that the data of 6 million Canadians had been stolen following a hacking incident at Capital One. Prior to this incident, it was the Desjardins bank that was the target of data theft.

Then it was announced that at Revenu Québec, some 23,000 employees were affected by a leak of personal information that a staff member had transferred outside the organization's workplaces

This succession of serious incidents reveals that the system is undermined by flaws that are clearly symptoms of deeper problems that, if governments do not put in place stricter rules regarding digital identity and affecting businesses, risk being repeated more often than we have seen in the past. There is a French proverb that says: "Aux grands maux, les grands remèdes". In this sense, we believe that all companies, regardless of their sector of activity, must take the threat of data theft seriously to:

  • Not to become victims
  • Protect their customers
  • Minimize losses (often in the millions of dollars)

Basically, prevention is better than cure, and the time to do it is now.

Recently, in an interview with Radio-Canada on the analysis of the recent Capital One hack, José Fernandez, a professor in the Department of Computer and Software Engineering at Polytechnique Montreal, said this:

"You can ask yourself if the banks are doing a good job," says Fernandez. The answer is that they are doing an acceptable job, well above average. They are among the best in class. "

In this interview, Fernandez expresses that the blame should not be placed solely on financial institutions and that those who think this way are partially wrong. As reported by Radio Canada, he said:

"The problem is not the banks, it's the society we live in, it's the government, it's the social insurance number," he continues. If we continue to use personal information to authenticate people, there will be an incentive for criminals to go out and steal that information. "

Authentication methods

In Canada, everyone is assigned a social insurance number, which is also used as a method of authentication for all types of financial and social transactions. Should we deplore the fact that financial institutions, governments and private companies consider the date of birth, the social insurance number and the mother's maiden name as secret information when we all know that it is very easy to have this information which is for the most part already very public.

So, is the real threat from the financial institutions?

I will tell you that it is not because I think that it is above all with the companies that use this personal information to identify their customers. In the most flagrant cases revealed to the public, it is always financial institutions and multinationals that are exposed. Moreover, I would like to rebound on this observation by illustrating some cases not always known to the public:

UBER: in November 2017, the CEO of Uber revealed that the data (names, email addresses and cell phone numbers) of 57 million users worldwide, including those of 600,000 drivers, were hacked at the end of 2016.

ASHLEY MADISON: In August 2015, it was a group of hackers who released 30 gigabytes of customer data from the Canadian adulterous dating site Ashley Madison containing the names, emails, and even sexual preferences of users. The revelations turn tragic with the suicide of subscribers in the United States and Canada. The boss of Ashley Madison must leave his position.

MARIOTT: the hotel and residence chain Marriott were the victim last November of a vast identity theft of its customers. Information about nearly 500 million of its Starwood customers was stolen by hackers.

FACEBOOK: Hackers took advantage of a security breach in September 2018 to steal the personal data of 29 million Facebook users. The hackers accessed their names, email addresses and phone numbers, and even, for some, their dating status or location.

How to protect yourself

If you are a business, it is important to take certain steps to successfully protect yourself from data theft (of any kind). This includes:

Understanding the types of data your business generates and processes

Setting up a sound, customized data architecture that takes into account vulnerabilities

In addition to these recommendations, it is also necessary within your company:

  • Grant different access rights
  • Use strong double authentication
  • Harden the protection of information
  • Implement information rights management
  • Record all modifications


Just like Desjardins, Equifax, or Revenus Quebec, no company no matter how big or small is immune to the risk of data theft. Companies must therefore continually review and improve their systems and review and update their security procedures to successfully minimize the risk of data theft. Also, the growing threat of data theft by company employees is increasing and to protect yourself you must take steps that are sometimes costly but important to the security of your information and the trust you have with your audience.

At Oshara Inc, we have security experts who can help you model or strengthen your security systems to protect your business.

Frequently Asked Questions

The list can be long. You have for example Desjardins, Equifax and Revenus Québec. But even more famous companies like Capital One, Ashley Madison, Facebook, Uber, Marriott, Yahoo!, British Airways, MyHeritage, Dubsmash, eBay, Home Depot, Snapchat, Target, Adobe ...

An SSL certificate allows you to have the green padlock next to your URL. This indicates that the web page uses the HTTPS protocol for secure communication.

In general, we have the organization, URL, state, and country, but also the validity period of the certificate.

Generally, you need to renew your certificate every 13 months at the most, depending on who you renew it with. A renewal request can take from a few minutes to several days (7) depending on your certificate and who is renewing it.

Joe Shara

Joe Shara is a in-house journalist and Oshara editor. Tech savvy guy who follows all the latest web & digital developments. Loves cats and complex coding problems.

Was this article useful?

People Who Read This Article Also Read...

How to install a Laravel web application that you cloned from Git

Laravel is a powerful php framework that allows you to create custom web applications

How to install a Laravel web a...

Everything You Need To Know About Communication Agencies

By definition, a communication agency (marketing) is a company that plans and harmonizes internal and / or external communication on be...

Everything You Need To Know Ab...

12 questions to ask when collecting customer data

Collecting data from customers is an important marketing strategy since it gives you information on what customers exactly want instead...

12 questions to ask when colle...

How to fix Joomla Error 0 'Cannot open file for writing log while updating'?

Did you already try udpating your joomla website and you got this error : "An error has occurred. 0 Cannot open file for writing log" ...

How to fix Joomla Error 0 'Can...

This is How you can Simplify Complex Enterprise Workflows in Your Business

A workflow is a repeatable scheme or pattern of a sequence of steps or activities that are undertaken to realize the completion of a pa...

This is How you can Simplify C...

Is ETL Still Relevant in 2019?

ETL is an abbreviation for extract, transform, and load. It is one of data integration tools used in the extraction of data from a sour...

Is ETL Still Relevant in 2019?