Desjardins faked a computer failure to pinch the prime suspect in the massive leak of confidential customer data in 2019, court documents released on Monday reveal.
They relate to the internal investigation carried out by the Mouvement on its former employee Sébastien Boulanger-Dorval.
“Around 1 pm on Friday, May 24, a decision was made by Desjardins to cut off access to a system used by several Desjardins employees, including Boulanger, mentions a summary of the investigative techniques used. Desjardins simulates a failure of this system so as not to arouse Boulanger’s suspicions. ”
An hour later, the Mouvement took the opportunity to remotely access his computer and make a copy of three “suspicious files”, while he was working from home.
“From that moment on, Boulanger’s access to the systems is disabled and close monitoring is put in place on his laptop,” added Desjardins lawyers.
These explanations can be found in a request to carry out a civil seizure of the “Anton Piller” type, on May 26, 2019.
USB key
Thanks to this operation, the Movement’s investigators noted “that at 3 pm, Boulanger plugged a USB key into his work computer in order to transfer confidential files”.
Desjardins then contacted the suspect, claiming that his laptop was “infected with a virus” and that the Mouvement must “recover it without delay”.
A security employee advises him over the phone not to use the device while waiting for a team member to arrive, claiming a malware infection.
Nothing works. According to the account of the events, Sébastien Boulanger-Dorval all the same turns on his computer and destroys information.
An employee of the surveillance office tries to get to his home, but does not have the right address. Desjardins calls his employee back to take his real contact details and advises him that he must also return “the USB key that he had plugged into his computer around 3 pm”.
The Movement finally got its hands on the equipment at 8 p.m., but its staff realized that Sébastien Boulanger-Dorval deceived them by handing over another key, according to the documents.
Finally, Desjardins manages to identify the list of 40 files that he had transferred to his device. This list will remain redacted since it contains confidential information.
Cash, a hard drive and “confessions”
The partially publicized request on Monday allowed the Movement to seize equipment from its employee on May 26, 2019. Security employees found $ 30,100 in cash and more than twenty credit cards in his residence. prepaid, according to court documents that La Presse has previously reported.
Sébastien Boulanger-Dorval would have admitted to having sold confidential information for 15 months before being spotted.
The investigators in particular got their hands on an external hard drive which “contains all the information relating to the members and clients of Desjardins that he sold”, according to what the ex-employee would then have told them.
The massive leak of confidential data, made public in June 2019, affected a total of 9.7 million customers.
No criminal charges were laid against Sébastien Boulanger-Dorval or other suspects in this investigation.