In a recent announcement, the Province of Nova Scotia revealed significant progress in identifying individuals and organizations affected by the global cybersecurity breach on MOVEit. The investigation is still in its early stages, but notification letters will be sent out to impacted parties starting at the end of this week.
The Cyber Security and Digital Solutions Minister, Colton LeBlanc, stated, “Now that we have a better understanding of those impacted, we can start sending letters out to Nova Scotians who have had personal information breached.” The letters will provide information about free fraud protection and credit monitoring services that have been arranged. The Minister urges all affected individuals to register for these services.
The Province has discovered that additional members of the public and the public service have been affected by the breach. This includes approximately 13,000 active employees of regional centers for education and the Conseil scolaire acadien provincial, comprising teachers, administrative staff, human resources personnel, and finance staff. The breached information includes names, addresses, social insurance numbers, pension payment amounts, and gender. It is worth noting that this list is separate from the previously announced certified and permitted teachers, although some overlap may exist.
Furthermore, around 480 individuals in the Prescription Monitoring Program have been affected, with compromised data including health card numbers, personal health information, and demographic details. This figure represents an update from the initial announcement of 60 people impacted.
The breach also impacted approximately 17,500 water and tax bill accounts with the Region of Queens Municipality. The compromised information includes names, addresses, account numbers, payment amounts, and outstanding balances, but does not include any other financial data.
Moreover, just over 100 patients who visited the early labor and assessment unit at the IWK Health Centre had their personal health information breached. The affected data is limited to names, dates, and times of visit, as well as the reason for their visit.
In addition, five students’ information from a Department of Labour, Skills and Immigration file was released, including names, addresses, social insurance numbers, phone numbers, and dates of birth. Two other students had their names, institutions, and student ID numbers exposed.
It is important to note that while Elections Nova Scotia’s voters list was also present on MOVEit for sharing with political parties, it was shared in a manner that made it inaccessible and, according to the investigation, was not compromised.
The Department of Cyber Security and Digital Solutions is currently reviewing files impacted by the breach. Individual government departments and organizations utilizing MOVEit were sent their files to review and notify affected individuals accordingly. For instance, Halifax Water has notified approximately 25,000 customers that their names and account numbers were part of the breach.
Due to the duplication of names, determining the precise number of Nova Scotians affected has proven challenging. Additionally, the number continues to fluctuate as files are reviewed. For example, the number of recipients of Nova Scotia pensions whose names, dates of birth, and demographic information were compromised has decreased from 1,400 to 900 since the previous report. Furthermore, the number of incarcerated Nova Scotians impacted has risen from 500 to 655, with compromised data including prisoner ID numbers, names, genders, dates of birth, and incarceration statuses.