Desjardins Data Breach Leads to $9M Fraud Conviction

Two men in their 30s have pleaded guilty in Joliette after orchestrating a massive fraud that targeted clients of Desjardins, one of Quebec’s largest financial institutions. The scam, which involved nearly $9 million, exploited what has been called the largest personal data breach in Quebec’s history. The victims, unsuspecting account holders, saw their money siphoned away while the perpetrators indulged in luxury items, including Rolex watches and designer jewelry.

Ayoub Kourdal, 37, and Imad Jbara, 34, formally entered their guilty pleas on Wednesday, sparing themselves a trial that was scheduled to begin in January 2026. A third person linked to the scheme, Nassim Alikacem, remains at large. Their arrests in 2024 marked the culmination of a long investigation that began in December 2018 by the Laval Police Service, later expanded into a larger operation by the Sûreté du Québec, known as Project Portier. The probe focused on the theft and resale of personal data from 9.7 million Desjardins members.

Also Read:

• Australia Post Restores Weekend Deliveries Ahead of Christmas Rush
• Tom Wilson Making a Strong Case for Team Canada Spot

The scheme was sophisticated. Kourdal posed as genuine clients, often imitating the voices of elderly account holders, to contact Desjardins’ customer service. Claiming to have lost access to their accounts, he used illegally obtained personal information to bypass security protocols and secure temporary login credentials. Once inside, he transferred funds to shell companies, beneficiaries in Canada and abroad, and even jewelry stores in the United States. Jbara, who had no prior criminal record, played a supportive but critical role by storing the stolen data, while Kourdal executed the majority of the fraud.

The scope of the data stolen was staggering, including social insurance numbers, health card details, addresses, dates of birth, complete banking profiles, and even maternal surnames. In some cases, the fraudsters temporarily hijacked victims’ phone lines or email accounts to intercept authentication processes, leaving the victims not only financially compromised but also without access to essential communication channels.

Between September 2018 and January 2019, 31 fraudulent operations targeted 41 people, including lawyers and notaries, who had trust accounts containing clients’ funds. Desjardins fully reimbursed the affected clients, absorbing a net loss exceeding $3 million. The suggested sentences presented to the court were six years for Kourdal and four years for Jbara, with the requirement that they repay substantial sums or face extended prison terms.

This case underscores not only the dangers of data breaches and identity theft but also the elaborate methods fraudsters can use to exploit confidential information. While justice has been served for the two men now behind bars, one accomplice still evades capture, leaving a reminder that vigilance in protecting personal data remains more important than ever.

Read More:

• Islanders Visit Red Wings in a Thrilling Showdown Tonight
• Arman Tsarukyan Set to Shine in UFC Qatar Main Event