Thousands more impacted by breach
The Nova Scotia government has revealed that thousands more individuals have been impacted by a recent data breach.
The breach targeted the MOVEit file transfer service and resulted in the theft of private data, including social insurance numbers, addresses, and banking details.
It was initially estimated that up to 100,000 people in Nova Scotia had their data compromised, but Nova Scotia officials have said the breach also affected 13,000 employees working at regional centres for education and the province’s francophone school board.
Hackers were also found to have gained unauthorized access to approximately 17,500 water and tax bill accounts belonging to the Region of Queens Municipality in southwestern Nova Scotia, as well as data from the Nova Scotia Pension Agency.
Utility provider Halifax Water has also notified 25,000 customers that their names and account numbers were part of the Nova Scotia data breach, according to the update.
Nova Scotia cybersecurity minister Colton LeBlanc said the province plans to distribute notification letters by the end of the week.
“The letters will include information about the arrangements we have made for a free fraud protection and credit monitoring service,” added LeBlanc. “We urge everyone who is impacted to register.
“I want to remind all Nova Scotians that identity theft is a sad reality in the digital age. Whether you have been impacted by this breach or not, please keep a close eye on your financial transactions, change your passwords regularly, and take steps to protect yourself.”
A ransomware group called Clop has claimed responsibility for the attack, according to a previous report by The Canadian Press.
The group said it had already deleted all the data stolen from government bodies, but experts have been skeptical about this assertion.
“Clop's claim to have deleted data belonging to public sector bodies should be assumed to be false,” said Brett Callow, a threat analyst with cybersecurity company Emsisoft. “There is no reason for a criminal enterprise to simply delete information that may have value.”
What are your thoughts on this story? Feel free to comment below.
