The government of Nova Scotia has issued a public alert regarding a significant global cybersecurity incident resulting in the unauthorized access and theft of personal information. During a recent news conference, the minister responsible for cybersecurity and digital solutions, Colton LeBlanc, disclosed that the government is currently in the process of assessing the extent of the breach and identifying the specific information that has been compromised. At this stage, it is not possible to determine the exact number of individuals affected.
The incident revolves around a file transfer service known as MOVEit, which is widely used by both public and private organizations worldwide to exchange sensitive data pertaining to various sectors such as healthcare, finance, and government services. The government was notified of a “critical vulnerability” in the service by Progress Software, the company that owns MOVEit, on June 1. In response, immediate action was taken to take the service offline, apply necessary security updates, and subsequently restore its operation.
However, further investigation prompted by the government’s concerns led to the service being taken offline again, with cybersecurity experts being enlisted to assist in the analysis. By Saturday night, a comprehensive government investigation revealed a high likelihood that personal information had been illicitly obtained. The deputy minister responsible for cybersecurity and digital solutions, Natasha Clarke, emphasized that the file transfer system’s usage spanned across various government departments.
The province has already notified the privacy commissioner, adhering to the appropriate protocols. Minister LeBlanc clarified that it is premature to speculate on the whereabouts of the stolen data and confirmed that no individuals have made contact with the government regarding a potential sale of the compromised information.
Recognizing the unfortunate reality of cybercrime in the digital age, Minister LeBlanc emphasized the government’s commitment to transparency and promptly providing updates to affected individuals. A dedicated website will be launched to disseminate relevant information, which will be regularly updated as new details emerge. Those impacted by the breach will be directly contacted to receive specific details about how they have been affected.
Progress Software, in collaboration with cybersecurity experts, is diligently investigating the incident and implementing appropriate measures to address the breach.