A chilling reappearance

On October 20, 2025, La Presse revealed that the personal data of more than one million Quebecers, originating from the infamous Desjardins leak in 2019, is once again circulating on the dark web. The information includes names, addresses, social insurance numbers, dates of birth, and even banking information. Four years after the incident, the reappearance of this data brings a crucial question to the forefront: do data leaks really cease to have consequences after the initial media coverage?

A leak that was never really contained

Despite the measures taken by Desjardins to contain the leak and reassure its members—such as credit monitoring and identity protection services—the reality is that the stolen information continues to circulate in underground forums. The return of the data in 2025 reveals a disturbing truth: once confidential information is exposed, it enters a cycle that is difficult to control. Malicious actors reuse, resell, and exploit it over the years, sometimes in connection with new waves of fraud or identity theft.

Why now?

The experts interviewed point out that the re-circulation of this data could be linked to several factors:

– The publication of consolidated databases compiling several leaks

– Resale by criminal groups that are disbanding or changing their structure

– A resurgence of attacks targeting Quebec, particularly in a context of economic tensions

In any case, this reappearance serves as a stark reminder: a leak does not simply disappear because the subject is no longer in the news.

A lesson on the lifespan of a cyberattack

This situation highlights a fundamental concept that is too often underestimated by companies and institutions: time. In cybersecurity, the consequences of an attack are not measured in weeks or months, but in years. It is not enough to put out the fire: you have to watch the embers.

This also raises the question of long-term liability. Can the current victims of this reappearance take action against Desjardins? Are the remedies still valid? And above all, who is supporting them today?

The need for more robust data governance

The Desjardins case is often cited as a textbook example in Quebec. But what happens once the media attention has died down? Many organizations overestimate the scope of their response plans. This situation shows that it is also necessary to invest in strategies for continuous detection, risk updates, and, above all, long-term support for those affected.

A warning for the entire digital ecosystem

The Desjardins leak is not an isolated case: it is symptomatic of a reality in which personal data circulates over the long term. Institutions, businesses, citizens: everyone must learn from this new wave. What is most worrying is not the attack in 2019, but what it continues to cause in 2025.

If this article raises questions about the management of your sensitive data or your cybersecurity plan, know that the specialists at Mon Technicien can assist you in assessing your vulnerabilities. Together, let’s strengthen your digital resilience.