Data theft in Desjardins | A fake computer failed to trap the suspect

Court documents released on Monday revealed that Desjardins faked a computer malfunction in pressuring the prime suspect in the massive leak of confidential customer data in 2019.


Hugo Juncas

Hugo Juncas
Journalism

It relates to the movement’s internal investigation into its former employee, Sebastien Boulanger-Dorval.

At about 1 p.m. on Friday, May 24, Desjardins made the decision to cut off access to a system used by several of Desjardins’ employees, including Boulanger, and states a summary of the investigative methods used. Desjardins mimics the failure of this system so as not to arouse Boulanger’s suspicion. ”

An hour later, the movement took the opportunity to access his computer remotely and make a copy of three “suspicious files”, while he was working from home.

“From that moment on, Boulanger’s access to the systems was disrupted and close monitoring was placed on his laptop,” Desjardins’ lawyers added.

These explanations can be found in Anton Beller Civil Detention Request, May 26, 2019.

USB key

Thanks to this process, motion investigators noted that “at 3 p.m., Boulanger connected a USB key to his work computer in order to transfer confidential files.”

A copy of court documents

The USB key that Sebastien Boulanger Dorval gave to Desjardins investigators instead of the key containing the stolen information, according to court documents. Here it is connected to a computer scanning device.

Desjardins then contacted the suspect, claiming that his laptop was “infected with a virus” and that the movement “must restore it without delay”.

A security employee advised him over the phone not to use the device while waiting for a team member to arrive, claiming it was infected with malware.

Nothing works. According to the narration of events, Sebastian Boulanger-Dorval turns on his computer and destroys the information.

An employee of the probation office tries to get to his house, but does not have the correct address. Desjardins calls his employee to take his real contact details and tell him he must also return “the USB key he had connected to his computer at about 3pm”.

The movement finally obtained the equipment at 8 p.m., but its employees realized that Sebastien Boulanger-Dorval had deceived them by handing them another key, according to the documents.

Finally, Desjardins was able to locate a list of 40 files he transferred to his device. This list will remain revised as it contains confidential information.

Cash, Hard Disk, and “Confessions”

The request, which was partially announced on Monday, allowed the movement to seize equipment from its employee on May 26, 2019. Security personnel found $30,100 in cash and more than two dozen credit cards at his residence. .

Sebastien Boulanje Dorval had admitted selling classified information for 15 months before he was spotted.

In particular, the investigators got their hands on an external hard drive “containing all information relating to members and clients of Desjardins that he sold,” the former employee told them.

The massive leak of confidential data, announced in June 2019, affected a total of 9.7 million customers.

No criminal charges have been brought against Sebastien Boulanger-Dorval or other suspects in this investigation.

Frank Mccarthy

<p class="sign">"Certified gamer. Problem solver. Internet enthusiast. Twitter scholar. Infuriatingly humble alcohol geek. Tv guru."</p>

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top