In a recent announcement made by the Province of Nova Scotia, a major cybersecurity breach involving the MOVEit system has been revealed. The breach has resulted in the theft of a significant number of records, affecting various individuals, including members of the public and public service employees.
The stolen records encompass a wide range of sensitive information, and the breach extends to multiple sectors within the province. Among those affected are approximately 55,000 past and present certified and permitted teachers in Nova Scotia. The stolen information includes their names, addresses, dates of birth, years of service, and educational backgrounds. It is important to note that social insurance numbers and banking information were not compromised. The impacted individuals were born in 1935 or later.
Moreover, around 26,000 students aged 16 years and older have also fallen victim to the breach. The stolen data includes their dates of birth, genders, student IDs, and school information. The reason behind the presence of this information in the database is its sharing with Elections Nova Scotia.
Additionally, approximately 5,000 owners of short-term accommodations registered with the Tourist Accommodations Registry have had their information compromised. The stolen data includes the owners’ names, addresses, property addresses, and registration numbers.
Furthermore, the breach has impacted roughly 3,800 individuals who applied for jobs with Nova Scotia Health. The stolen data includes demographic information and employment details. Fortunately, social insurance numbers were not among the compromised information.
Disturbingly, personal data of around 1,400 Nova Scotia pension plan recipients was stolen. The stolen information includes names, social insurance numbers, dates of birth, and demographic data.
In another sector, the breach affected 1,085 individuals who had been issued parking tickets by the Halifax Regional Municipality. Names, addresses, and license plate numbers were among the compromised data.
Moreover, approximately 500 individuals in provincial adult correctional facilities had their information stolen. The stolen data includes their names, dates of birth, genders, prisoner ID numbers, and their status within the justice system.
The breach also affected about 100 vendors associated with Nova Scotia Health, whose product and pricing information were compromised. Fortunately, banking information does not appear to be included in the stolen data.
Furthermore, 54 individuals who received summary offense tickets had their names, driver’s license numbers, and dates of birth stolen.
Lastly, the personal information of 54 clients of the Department of Community Services, including names, addresses, client IDs, and transit pass photos, was compromised.
The impact of the privacy breach on the healthcare system is equally concerning. The breach has affected around 1,330 individuals in the Department of Health and Wellness client registry, including their names, addresses, dates of birth, and health card numbers.
Moreover, the personal information of at least 150 individuals in the Department of Health and Wellness provider registry has been compromised. This group includes doctors, specialists, nurses, and optometrists. The stolen information consists of names, addresses, and dates of birth. Fortunately, social insurance numbers and banking information were not compromised.
Furthermore, approximately 60 individuals associated with the Prescription Monitoring Program had their information stolen. The compromised data includes names, addresses, dates of birth, health card numbers, and personal health information.
Additionally, the breach exposed the personal information of 41 newborns born between May 19 and 26. The stolen information includes their last names, health card numbers, dates of birth, and dates of discharge. Parents of the affected newborns will be notified accordingly.
Estimating the exact number of individuals impacted by the breach is a complex task, as some records may pertain to the same individuals across different sectors. For example, an individual who is a certified teacher may also be a civil service employee and have received a parking ticket. The government is actively working to assess the full extent of the breach and aims to promptly notify all affected individuals.
To mitigate the potential risks and provide support to those impacted, government staff from all departments are meticulously examining the stolen files. The assessment is prioritized based on the level of risk to Nova Scotians. Individuals whose sensitive personal information has been compromised will receive credit monitoring and fraud protection services. Detailed information regarding these services will be provided in the notification letters that the Province intends to start sending out as early as next week.
In light of these developments, Cyber Security and Digital Solutions Minister Colton LeBlanc emphasized the importance of remaining vigilant and taking necessary precautions. He stated, “I know that providing more detailed information will cause more concern and questions. No individual or organization is immune from cyber threats or theft. I strongly encourage Nova Scotians to reach out to their financial institution to flag the risk. We will continue to provide updates on what we are learning through our investigation.”
Several key points were outlined for individuals to safeguard their personal information. Firstly, it was highlighted that scammers often exploit incidents of this nature to prey on people. The Province explicitly stated that it will not request social insurance numbers, MSI numbers, banking information, or money during the notification process.
Moreover, Nova Scotians who suspect that they have been targeted by hackers are advised to promptly change their passwords and update their browsers, apps, and software to the latest versions available for their devices. It is crucial for individuals to closely monitor their banking and credit card records and consider notifying their financial institutions.
The breach has prompted an urgent need for enhanced cybersecurity measures and stricter data protection protocols. The Province of Nova Scotia has taken immediate action by taking the MOVEit system offline on June 1 for a security update. Subsequently, it was taken offline again on June 2 for further investigation. Measures have been implemented to fortify the system’s security, including additional monitoring.
As the investigation unfolds, the Province of Nova Scotia is dedicated to ensuring transparency and taking all necessary steps to address the ramifications of this extensive cybersecurity breach. It remains essential for affected individuals to remain alert and take proactive measures to protect their personal information from potential misuse.
Comments