Last year, the Quebec based financial institution Desjardins Group suffered from a data breach carried out intentionally by a malicious employee who had access to banking details. As a result of this individual’s actions, the data of 4.2 million Desjardins customers was exposed and 1.8 million credit cardholders who were not Desjardins members were affected as well. Original reparation estimates were around $70 million, but earlier this week the company has stated that the breach is likely to cost them roughly $108 million.

The breach was disclosed in June of last year, and Desjardins introduced identity protection for all of the members affected by the breach. The high repair bill covers the cost of this identity protection as well as the implementation of more cybersecurity measures to prevent similar events in the future. Desjardins stated in November that the information exposed in the breach had not been misused.

Read More: Desjardins Group Breach Cost $38m Higher Than Expected