Your browser settings have JavaScript disabled. Some features of the site are not available or will not work correctly without JavaScript.
See How to enable JavaScript.

Your browser is configured to not accept cookies. Some features of the site are not available or will not work correctly without cookies. Also, some information presented might not apply to your situation.
See How to enable cookies.

Your browser is not supported by our website. Some features of the site are not available or will not work correctly.
See the procedure to update your browser.

Report a Potential Vulnerability

All our members and clients are covered by Desjardins Identity Protection.

Learn more about Desjardins Identity Protection

Desjardins Group is highly committed to protecting your information and ensuring the availability of its services. That's why we do everything we can to make sure our site is secure. Despite our best efforts, some vulnerabilities may still be present.

The Desjardins security team understands the significant role that people with advanced security knowledge can play.

If you discover a potential vulnerability on our site or applications, report it to divulgation-responsable@desjardins.com.

A Desjardins technical team will examine your findings and make any required corrections within 30 days of confirmation of receipt.

Responsible Disclosure Program rules

During your investigations, make sure you follow these rules:

Do not damage our systems.
Do not use any technique that could affect the availability of our services.
Never disclose the personal information or card information of our members.
Do not use a social engineering technique to get access rights to our systems.
Do not use the brute force technique to get passwords.
Do not make any changes to our systems (e.g., install a backdoor).
Do not send an automated scan report.

Vulnerabilities you can report

Here are some examples of vulnerabilities you can report:

Cross-site scripting (XSS)
SQL injection
Failed encryption

Forbidden actions

You must not use the Responsible Disclosure Program to:

Share your comments and suggestions on Desjardins products or services.
Report a lost or stolen card.
Mention that a Desjardins service is unavailable.
Forward a fraudulent email or text message.
Perform actions that are unlawful or against regulations.

Applicable laws and regulations

Under certain circumstances, your investigations on our site and applications may be considered a crime under applicable laws and regulations and you could face legal action. Applicable laws and regulations take precedence over the terms and conditions of our Responsible Disclosure Program.

How to report a potential vulnerability

Confidentially share your vulnerability findings with Desjardins by writing to divulgation-responsable@desjardins.com.
Provide the potential vulnerability details to allow our security team to investigate.

To protect your communications with us, you can use our public PGP key - Cet hyperlien s'ouvrira dans une nouvelle fenêtre..

The Desjardins security team's commitment

We ask that you not share or divulge an unresolved vulnerability to third parties. If you report a vulnerability, the Desjardins security team will reply to you as soon as possible by sending an acknowledgment of receipt of your email.

Choose your settings This dialog box is displayed the first time you visit the site. You can change your province or state and language in the page header or in the menu at any time afterwards.

Log in

Online services

Home and auto insurance

Online brokerage

Full service brokerage

See other Desjardins sites