Report a Potential Vulnerability
All our members and clients are covered by Desjardins Identity Protection.
Desjardins Group is highly committed to protecting your information and ensuring the availability of its services. That's why we do everything we can to make sure our site is secure. Despite our best efforts, some vulnerabilities may still be present.
The Desjardins security team understands the significant role that people with advanced security knowledge can play.
If you discover a potential vulnerability on our site or applications, report it to divulgation-responsable@desjardins.com.
A Desjardins technical team will examine your findings and make any required corrections within 30 days of confirmation of receipt.
Responsible Disclosure Program rules
During your investigations, make sure you follow these rules:
- Do not damage our systems.
- Do not use any technique that could affect the availability of our services.
- Never disclose the personal information or card information of our members.
- Do not use a social engineering technique to get access rights to our systems.
- Do not use the brute force technique to get passwords.
- Do not make any changes to our systems (e.g., install a backdoor).
- Do not send an automated scan report.
Vulnerabilities you can report
Here are some examples of vulnerabilities you can report:
- Cross-site scripting (XSS)
- SQL injection
- Failed encryption
Forbidden actions
You must not use the Responsible Disclosure Program to:
- Share your comments and suggestions on Desjardins products or services.
- Report a lost or stolen card.
- Mention that a Desjardins service is unavailable.
- Forward a fraudulent email or text message.
- Perform actions that are unlawful or against regulations.
Applicable laws and regulations
Under certain circumstances, your investigations on our site and applications may be considered a crime under applicable laws and regulations and you could face legal action. Applicable laws and regulations take precedence over the terms and conditions of our Responsible Disclosure Program.
How to report a potential vulnerability
- Confidentially share your vulnerability findings with Desjardins by writing to divulgation-responsable@desjardins.com.
- Provide the potential vulnerability details to allow our security team to investigate.
To protect your communications with us, you can use our public PGP key - Cet hyperlien s'ouvrira dans une nouvelle fenêtre..
The Desjardins security team's commitment
We ask that you not share or divulge an unresolved vulnerability to third parties. If you report a vulnerability, the Desjardins security team will reply to you as soon as possible by sending an acknowledgment of receipt of your email.