The Canadian financial services company Desjardins now believes all 4.2 million of its members were affected by a data incident that took place earlier this year.

The company on October 31 was informed by the Sûreté du Québec that the data breach announced on June 20 actually impacted all 4.2 million 4.2 million individual caisse members who do their banking with Desjardins in Quebec and Ontario. The data leaked included first and last name, date of birth, social insurance number, address, phone number, email address and details about their banking habits and Desjardins products.

Initially, it was believed that only 2.9 million of the credit union’s customers were affected by what was an insider attack. This incident was not a cyberattack. Desjardins computer systems were in no way breached during this incident, which was the result of illegal acts committed by the above-mentioned former employee, the company said in June. The employee in question has been fired and arrested by the Laval police, CBC news reported.