Fraudsters Admit Using Desjardins Data Breach to Steal Nine Million
Two men have confessed to defrauding clients of Desjardins, embezzling close to $9 million. This act has unveiled the largest personal data breach in Quebec’s history. Crown prosecutor Caroline Gagné noted that the fraudsters were driven by greed, using the stolen funds to fund a luxurious lifestyle, including Rolex watches and branded jewelry.
Details of the Fraudulent Activities
Ayoub Kourdal, aged 37, and Imad Jbara, aged 34, acknowledged their involvement during a court session in Joliette. Their admissions mean they will avoid trial. A third accomplice, Nassim Alikacem, remains at large. Their arrest in 2024 marked the conclusion of a lengthy investigation by the Laval Police Service, which began in December 2018.
Operation Glaive and its Aftermath
This extensive investigation, named Operation Glaive, led to a broader inquiry by the Sûreté du Québec (SQ), known as Operation Portier. It focused on the theft and resale of personal information belonging to 9.7 million members of the Desjardins Movement.
- The fraudulent scheme utilized data from 1.7 million Desjardins clients.
- Victims included five lawyers and notaries, whose trust accounts were compromised.
- Between September 2018 and January 2019, $8,908,145 was siphoned through 31 fraudulent operations targeting 41 individuals.
How the Fraud Was Executed
Kourdal assumed the identity of existing Desjardins clients while contacting customer service. He often impersonated elderly clients to claim he lost access to his accounts. Using illegally obtained identifiable information, he managed to bypass security measures and obtain temporary credentials to access accounts.
This access allowed him to redirect funds into shell companies and beneficiaries, both domestically and internationally, as well as jewelry stores in the United States. In several instances, fraudsters even manipulated victims’ phone lines or email addresses, thereby intercepting Desjardins’ identity verification processes.
The Impact on Victims
As detailed in court documents, the case not only highlights the sophistication of the criminal scheme but also the lasting repercussions for victims. Many lost control over their phone lines and email accounts for days on end.
Desjardins has fully compensated its clients, incurring a net loss exceeding $3 million. The prosecutor’s office suggested a common sentence to the presiding judge, Claude Lachapelle: six years in prison for Kourdal and four years for Jbara. Kourdal, a repeat fraud offender, faces stricter penalties, while Jbara’s role was deemed less significant.
Both men are also required to repay significant amounts. Failure to do so could result in extended prison sentences. The court’s decision on the length of incarceration remains pending.
