Desjardins Company CyberSecurity Posture

desjardins.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Desjardins Group is the largest cooperative financial group in North America and the fifth largest cooperative financial group in the world, with assets of $435.8 billion as at March 31, 2024. It was named one of Canada's Best Employers by Forbes magazine and by Mediacorp. To meet the diverse needs of its members and clients, Desjardins offers a full range of products and services to individuals and businesses through its extensive distribution network, online platforms and subsidiaries across Canada. Ranked among the world's strongest banks according to The Banker magazine, Desjardins has some of the highest capital ratios and credit ratings in the industry and the first according to Bloomberg News.

Desjardins A.I CyberSecurity Scoring

Desjardins

Company Details

Linkedin ID:

desjardins

Website:

http://www.desjardins.com/fr/bienvenue.jsp

Employees number:

43,222

Number of followers:

365,039

NAICS:

52211

Industry Type:

Banking

Homepage:

desjardins.com

IP Addresses:

Scan still pending

Company ID:

DES_2216604

Scan Status:

In-progress

AI scoreDesjardins Risk Score (AI oriented)

Between 650 and 699

https://images.rankiteo.com/companyimages/desjardins.jpeg
Desjardins Banking
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreDesjardins Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/desjardins.jpeg
Desjardins Banking
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Desjardins

Weak
Current Score
678
B (Weak)
01000
2 incidents
-59.5 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

JANUARY 2026
677
DECEMBER 2025
743
Breach
25 Dec 2025 • Desjardins: Montana Attorney General launches investigation into Lee Enterprises data breach
Lee Enterprises Ransomware Attack and Data Breach

**Montana AG Investigates Lee Enterprises Ransomware Attack Impacting 40,000** A ransomware attack on **Lee Enterprises**, a Davenport, Iowa-based media company, has prompted an investigation by **Montana Attorney General Austin Knudsen**. The breach, attributed to the **Qilin ransomware group**, compromised the personal data of nearly **40,000 employees and subscribers** earlier this year. Lee Enterprises owns multiple newspapers in Montana, including the *Helena Independent Record*, *Billings Gazette*, *Missoulian*, and *Montana Standard*, as well as dozens of other publications nationwide. While the company has not publicly detailed the extent of the exposed data, the incident marks a significant cybersecurity failure for the media organization. The Montana AG’s office confirmed the investigation on **Friday**, though official details had not yet been posted on its website at the time of reporting. This follows a broader trend of escalating ransomware attacks, with **2023 seeing record-high incidents and payments**, according to a **FinCEN report**. The breach adds to a growing list of cyber incidents in 2024, including a **second data exposure in seven months** at **Methodist Homes of Alabama and Northwest Florida** and a **security lapse at Virginia Urology**, where purported patient data began leaking online. Meanwhile, federal authorities secured a conviction against a **Nigerian national** for wire fraud, aggravated identity theft, and unauthorized computer access, underscoring the global reach of cybercrime. Lee Enterprises has not yet issued a public statement on the investigation’s status or remediation efforts.

677
critical -66
DES1767941129
Incident Details -
Type
Ransomware, Data Breach
Impact
Data Compromised: Personal data of nearly 40,000 employees and subscribers Identity Theft Risk: Aggravated identity theft risk (referenced in related case)
Data Breach
Type Of Data Compromised: Personal data Number Of Records Exposed: Nearly 40,000 Sensitivity Of Data: High (personally identifiable information) Personally Identifiable Information: Yes
Regulatory Compliance
Legal Actions: Montana Attorney General’s investigation
Investigation Status
['Ongoing (Montana Attorney General’s investigation)']
References
Blog URL Source URL
NOVEMBER 2025
794
Breach
06 Nov 2025 • Desjardins: Man wanted in connection to Desjardins data breach arrested in Spain
Desjardins Data Breach and Fraud Scheme

**Key Suspect in Desjardins Data Breach Arrested in Spain After 17-Month Manhunt** Juan Pablo Serrano, a fugitive wanted in connection with the 2024 Desjardins data breach, was arrested in Spain on November 6, 2025, following a joint operation by Spanish authorities, Quebec provincial police, and Interpol. Serrano, 40, had been at large since June 2024 and was among Quebec’s most wanted individuals. Interpol issued a Red Notice for his arrest, enabling global law enforcement to track and detain him. He now faces extradition to Canada, where he will be charged with identity theft, fraud exceeding $5,000, and trafficking in identity information. Serrano is accused of purchasing stolen Desjardins customer data from Sébastien Boulanger-Dorval, a former Desjardins marketing employee, and using it to carry out fraud schemes. Boulanger-Dorval, 42, was arrested in 2024 and charged with fraud, identity theft, and the illegal sale of personal data—allegedly to settle debts. He was identified as the primary suspect in the breach, having exploited his access to sensitive information while employed at the financial institution.

741
critical -53
DES1767719603
Incident Details -
Type
Data Breach Fraud Identity Theft
Attack Vector
Insider Threat
Motivation
Financial Gain Debt Repayment
Impact
Data Compromised: Desjardins members and customers data lists Brand Reputation Impact: High Legal Liabilities: Yes Identity Theft Risk: High
Response
Third Party Assistance: Interpol, Spanish authorities, Quebec provincial police Law Enforcement Notified: Yes
Data Breach
Type Of Data Compromised: Personal Information Sensitivity Of Data: High Data Exfiltration: Yes Personally Identifiable Information: Yes
Regulatory Compliance
Legal Actions: Yes
Investigation Status
['Ongoing (Extradition pending)']
Initial Access Broker
Entry Point: Insider (Sébastien Boulanger-Dorval) High Value Targets: Desjardins members and customers data
Post Incident Analysis
Root Causes: Insider threat, unauthorized data access and sale
References
Blog URL Source URL
OCTOBER 2025
793
SEPTEMBER 2025
793
AUGUST 2025
793
JULY 2025
793
JUNE 2025
793
MAY 2025
793
APRIL 2025
793
MARCH 2025
793
FEBRUARY 2025
793

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Desjardins is 678, which corresponds to a Weak rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 743.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 794.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 793.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 793.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 793.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 793.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 793.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 793.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 793.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 793.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 793.

Over the past 12 months, the average per-incident point impact on Desjardins’s A.I Rankiteo Cyber Score has been -59.5 points.

You can access Desjardins’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/desjardins.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Desjardins’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/desjardins.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.