The main suspect in the massive data theft at Desjardins reportedly had $ 30,100 in cash and more than 20 prepaid credit cards at home when Desjardins Group investigators made their civil seizure at his home in May 2019. He also allegedly confessed to selling confidential information for 15 months before being spotted.
This is what can be learned from the slightly unperturbed versions of court documents released on Tuesday. These relate to the Desjardins investigation into Sébastien Boulanger-Dorval, former employee and number one suspect in the investigation into the theft of personal information of 9.7 million members of the Mouvement.
This information flowed “at the rate of about one sale every two or three months”, according to the report of a meeting with the investigators of his employer at the time.
During their visit to Sébastien Boulanger-Dorval in Saint-Charles-de-Bellechasse, they noted that there were “security cameras in the house to check and monitor access”.
But above all, the investigators got their hands on an external hard drive which “contains all the information relating to the members and clients of Desjardins that he has sold”, according to what he would then have told them. During the meeting, the suspect allegedly offered to “collaborate” to “return the files sold illegally and identify them”.
” Financial problems ”
The ex-employee of Desjardins would have started to amass confidential data about three months before starting their sale, according to the statement of an investigator of the Sûreté du Québec (SQ), which is also among the unavailable documents.
Sébastien Boulanger-Dorval would have explained his actions by saying he had “financial problems arising from an old relationship”, indicates the SQ. The police were trying to obtain, for their own investigation, the evidence that Desjardins had gathered.
All of the documents, which are 461 pages long, relate to the Anton Piller order obtained by the Movement when it discovered that its employee had stolen data from it. This type of procedure allows a civil party to carry out a search.
Key stolen
Before making this seizure on May 26, 2019, the Mouvement had asked Sébastien Boulanger-Dorval to give it a USB key in which he would have downloaded “40 confidential files”. Instead, he would have handed her another empty key and attempted to erase the data on her computer, as reported. Press last December 2.
PHOTO FROM COURT DOCUMENTS
According to Desjardins, Sébastien Boulanger-Dorval gave him this USB key, here connected to an electronic survey tool, rather than giving his investigators the one in which he would have downloaded data on his clients.
“Boulanger is therefore still in possession of confidential information relating to Desjardins members and clients, including financial information and social insurance numbers,” the lawyers of the Mouvement indicated at the time. The financial institution said it feared that he had acted “for criminal purposes”.
In addition to the empty USB key and hard drive, the Desjardins security team seized a computer, a cell phone, several other keys, memory cards and an electronic tablet.
It also noted that Sébastien Boulanger-Dorval had made an important transfer of information via the online service WeTransfer, on May 2, 2019.
The procedures indicate that the Movement entrusted part of the investigation to Mandiant, a subsidiary of the American firm FireEye, specializing in cybersecurity.
The massive leak of confidential data, made public in June 2019, affected a total of 9.7 million customers.
No criminal charges were laid against Sébastien Boulanger-Dorval or other suspects in this investigation.