Nova Scotia expands victim count in global data hack

Thousands more impacted by breach

Nova Scotia expands victim count in global data hack

The Nova Scotia government has revealed that thousands more individuals have been impacted by a recent data breach.

The breach targeted the MOVEit file transfer service and resulted in the theft of private data, including social insurance numbers, addresses, and banking details.

It was initially estimated that up to 100,000 people in Nova Scotia had their data compromised, but Nova Scotia officials have said the breach also affected 13,000 employees working at regional centres for education and the province’s francophone school board.

Hackers were also found to have gained unauthorized access to approximately 17,500 water and tax bill accounts belonging to the Region of Queens Municipality in southwestern Nova Scotia, as well as data from the Nova Scotia Pension Agency.

Utility provider Halifax Water has also notified 25,000 customers that their names and account numbers were part of the Nova Scotia data breach, according to the update.

Nova Scotia cybersecurity minister Colton LeBlanc said the province plans to distribute notification letters by the end of the week.

“The letters will include information about the arrangements we have made for a free fraud protection and credit monitoring service,” added LeBlanc. “We urge everyone who is impacted to register.

“I want to remind all Nova Scotians that identity theft is a sad reality in the digital age. Whether you have been impacted by this breach or not, please keep a close eye on your financial transactions, change your passwords regularly, and take steps to protect yourself.”

A ransomware group called Clop has claimed responsibility for the attack, according to a previous report by The Canadian Press.

The group said it had already deleted all the data stolen from government bodies, but experts have been skeptical about this assertion.

“Clop's claim to have deleted data belonging to public sector bodies should be assumed to be false,” said Brett Callow, a threat analyst with cybersecurity company Emsisoft. “There is no reason for a criminal enterprise to simply delete information that may have value.”

What are your thoughts on this story? Feel free to comment below.

Recent articles & video

Register for November’s 2024 Lexpert Rising Star Awards

Billion-dollar deals, including Couche-Tard’s new higher buyout offer, top this week’s roundup

SCC takes flexible approach to corporate attribution doctrine in bankruptcy and insolvency cases

Understanding sustainable finance key for attracting global capital to Canada: Dentons partner

Supreme Court of Canada to hear three first degree murder cases next week

Ontario Court of Appeal dismisses motion to appeal interim vaccination order in child custody case

Most Read Articles

Ontario Superior Court refuses to remove estate trustees despite breach of fiduciary duties

Ontario Superior Court voids financial transfers for failing to rebut presumption of resulting trust

Legal industry managers expect pay for lawyers, other industry professionals to rise: report

Alberta Court of King’s Bench dismisses habeas corpus application in child custody dispute