The organization notes that it spent over 9,000 hours investigating the incident and found no evidence that the stolen data has been misused or published on the dark web.
However, to help mitigate the risks, CIRO will be providing all affected investors with a free-of-charge two-year credit monitoring and identity theft protection service.
Client data from Desjardins hack in 2017 is only resurfacing and beeing abused now. 2 years protection won’t do much for their affected clients. Five months from detection to disclosure is a disgrace for an institution.