Desjardins Group, a federation of credit unions in Canada, announced that personal information of nearly 1.8 million credit cardholders was compromised during the data breach first revealed in June.

These credit cardholders were not the member of Desjardins, the Canadian firm said in a statement. This is in addition to 4.2 million banking members, who were initially believed to have been affected.

Reports suggest that the data breach was an insider act. A rouge staff of Desjardins leaked sensitive personal information such as social insurance numbers to third parties.

Desjardins said that just personal information has been compromised and credit cards, debit cards data, PIN, and data related to security questions are still safe.

In order to avoid the reoccurrence of similar incidents, Desjardins reshuffled its senior management team and established the Desjardins Group Security Office.

By deploying an industry-standard security reporting process, the security office will safeguard the assets and personal information of Desjardins members and clients.

Desjardins CFO Réal Bellemare said: “In addition to the security investments we made earlier this year and the creation of the Desjardins Group Security Office, we’re substantially increasing our security budget moving forward.”

Desjardins said that its identity protection programme will cover to all its members and clients.

Desjardins Group president and CEO Guy Cormier stated: “As we’ve been saying since we first announced it, we intend to update Desjardins Identity Protection as needs evolve.

“Until Canada develops a robust digital identity system, we believe that expanding coverage to a larger group of people is the right thing to do. In the meantime, we intend to offer the best possible protection against identity theft. We hope the rest of the industry will follow suit.”