Nova Scotia

Province warns of 'global cybersecurity issue' that resulted in stolen personal info

The Nova Scotia government is alerting the public to a “global cybersecurity issue” that has resulted in the theft of personal information.

No details yet about what files were stolen or how many people are affected

A man wearing a suit looks at the camera.
Colton LeBlanc, seen in this file photo, is Nova Scotia's cabinet minister responsible for cybersecurity and digital solutions. (Robert Short/CBC)

The Nova Scotia government is alerting the public to a "global cybersecurity issue" that has resulted in the theft of personal information.

But during a Sunday afternoon news conference, the cabinet minister in charge would not say what kind of information was stolen or how many people are affected.

"At this time, staff are manually going through all of the files that were accessed to identify what information was stolen and who it belongs to," Colton LeBlanc, the minister responsible for cybersecurity and digital solutions, told reporters.

"Until all of this work is complete, we aren't able to say how many Nova Scotians have been impacted. Today is about telling you about the situation and our response to date. We did not want to wait for all of the answers before we told Nova Scotians what we are dealing with."

'Nefarious actors' exploited vulnerability in file transfer service, deputy minister says

1 year ago
Duration 0:50
Natasha Clarke, the deputy minister responsible for cybersecurity and digital solutions, said the company MOVEit informed the provincial government of a 'vulnerability' that was exploited in its file transfer service.

LeBlanc said the issue is with a file transfer service called MOVEit, which is used internationally by public and private sector organizations to share personal information related to fields such as health care, finance and government services.

The news agency Reuters first reported on the breach on Thursday.

The province was advised by the company that owns the service, Progress Software, on June 1 that there was a "critical vulnerability," said LeBlanc.

"We immediately took the service offline and installed a security update as instructed, then brought the service back online."

Cybersecurity experts called in

The provincial government learned the next day that further investigation was needed. The service was pulled offline again and cybersecurity experts were called in to assist.

By Saturday night, the government's investigation gave them "a high degree of confidence" that personal information had been stolen, said LeBlanc.

Deputy Minister Natasha Clarke said the transfer system "has a wide reach across government."

The government has notified the province's privacy commissioner.

LeBlanc said he would not speculate about the location of the stolen data and said no one has contacted the government to sell it back.

"The sad reality of living in a digital world today is that cybercrime is a reality and there are nefarious actors out there."

The province will launch a website with all relevant details and update it regularly as information becomes available, said LeBlanc. People affected by the breach would be contacted directly to be informed how they are impacted, he said.

In a statement, a spokesperson for Progress Software said the company is working with cybersecurity experts to investigate the issue and ensure all appropriate measures are taken.

ABOUT THE AUTHOR

Michael Gorman is a reporter in Nova Scotia whose coverage areas include Province House, rural communities, and health care. Contact him with story ideas at michael.gorman@cbc.ca