At least 100,000 Nova Scotians affected by cybertheft of government employee files
Cybercriminals made off with the personal and banking information of at least 100,000 Nova Sco‐ tians last week, before the Nova Scotia government secured a file transfer ser‐ vice that had been breached as part of a global attack on MOVEit.
Nova Scotia's Minister of Cyber Security and Digital Ser‐ vice Colton LeBlanc provided that number Tuesday as part of an update on the investiga‐ tion into the cybertheft, which he first disclosed on Sunday.
"100,000 people, 100,000 Nova Scotians being employ‐ ees, current or past employ‐ ees of Nova Scotia Health, the IWK, as well as the provincial civil service, have been im‐ pacted," LeBlanc told re‐ porters during a virtual brief‐ ing. "We still have more work to do and as that work un‐ folds, that number could go up or it could go down."
The minister said the infor‐ mation taken by the "cyber‐ criminals" was payroll data that was transferred between departments, including bank‐ ing details, home addresses and social insurance num‐ bers.
British Airways, the UK drugstore chain Boots and Britain's BBC have also been hacked by criminals exploiting a weakness in the same MOVEit software used in No‐ va Scotia, Reuters news ser‐ vice reported Monday. That's affected tens of thousands of their employees.
Although the province said it acted as soon as it was noti‐ fied of a possible vulnerability in the MOVEit service on June 1, the department's deputy minister Natasha Clarke con‐ firmed that the software patch to plug the digital hole was applied after the data was taken.
"Our investigation showed that the the stolen data that took place the two days prior to us being notified that there was a vulnerability." said Clarke. "So once we put the patching in place, there was no more nefarious activity that we were able to see as a part of our investigation." Investigation continues Clarke said there was no evidence, so far, that any in‐ formation provided by the public to any government de‐ partment had been taken by those who broke into the government computers.
"That investigation is on‐ going," said Clarke. "I think the approach we're taking here is not letting perfect be the enemy of good."
"What's important is we want to be confident, come out with good information and be as transparent to No‐ va Scotians knowing that we don't have all of the answers.
Despite being responsible for the breach, the senior bu‐ reaucrat defended MOVEit as a "world class or in the top of the software solutions" that provide this kind of file trans‐ fer service. She did acknowl‐ edge, given the circum‐ stances, her statement might seem ironic.
The provincial government is promising to contact those affected "as soon as possible" and offering them access to a credit monitoring service.
Union worried about risk
Sandra Mullen, president of the Nova Scotia Govern‐ ment and General Workers Union, said the province's largest public sector union only learned of the magni‐ tude of the breach minutes before the minister spoke to reporters.
"We were pretty con‐ cerned when we heard rum‐ blings of a privacy breach," Mullen told CBC News. "The numbers are huge, from what they're saying and it impacts many of our members, poten‐ tially myself included."
Mullen said her union had not yet heard from any mem‐ ber who has lost money or otherwise suffered as a conse‐ quence of their personal in‐ formation being in the hands of someone else.
Mullen pledged to make sure the provincial govern‐ ment moved quickly to notify individuals whose "critical" in‐ formation had been taken.
"We will do our best to make sure that they are re‐ sponding as fast as they can, in a safe manner and working hard to ensure that informa‐ tion is protected in the fu‐ ture," said Mullen.
Microsoft security experts have said the hackers are affil‐ iated with the notorious Clop ransomware group.
Rob McLeod, the vicepresident with cybersecurity company eSentire's Threat Response Unit, said the group has done this before, affect‐ ing a large number of organi‐ zations globally.
"This group has done this in the past. It's taken several months for them to actually go through this data, look for any sort of high-value victims or customers in that, and
then directly contact them," McLeod told CBC Radio's In‐ formation Morning Nova Sco‐ tia on Wednesday.
He said victims could be at risk of identity theft and taxbased scams, so they should take advantage of the credit monitoring service offered by the province.
"I would say this is an early warning indicator for the 100,000 affected victims. They're still going to need to keep a very close eye on all of their banking information, all of their credit information, al‐ so their [Canada Revenue Ac‐ count]," he said.
Other stolen data
In recent years, the Nova Scotia government has dealt with at least two major data breaches. In August 2020, No‐ va Scotia Health reported on eight of its own employees for snooping into the electronic health records of individuals associated with the events of the April 2020 shooting ram‐ page in the province.
In 2018, two people ac‐ cessed close to 7,000 docu‐ ments posted on the province's Freedom of Infor‐ mation access website. Those documents were requested by 740 individuals but were available to others because the website had a design flaw that could allow others to ac‐ cess the material.
MORE TOP STORIES