Desjardins, Canada’s largest credit union, has announced a security breach caused by an employee.

The bank said in a statement posted on its website that a bank employee had taken the data of 2.9 million members (2.7 million users & 173,000 business contacts) from its database.

After learning of the incident from Quebec police last week, Desjardins said it promptly fired the employee.

Desjardins security breach

The bank reported that only personally-identifiable information was taken, but no passwords, account PINs, and credit and/or debit card numbers.

The exposed information for home users included first and last name, date of birth, social insurance number, address, phone number, email address, and details of banking habits.

For business customers, stolen information included business name, business address, business phone number, owner’s name and names of users on the AccèsD Affaires account.

Desjardins have said they have started notifying affected customers of the breach, and all impacted individuals and businesses will receive notification letters about the breach.

The Desjardins Group (Mouvement des caisses Desjardins) is a Canadian cooperative that is the largest federation of credit unions in North America, and is considered among the World’s Strongest Banks according to the Banker. It was founded in 1900 in Levis, Quebec by Alphonse Desjardins.