As a result of a global data breach, some Nova Scotians' personal information has been taken. Colton LeBlanc, Minister of Cyber Security and Digital Solutions, made the alarming announcement during a last-minute video news briefing on Sunday afternoon.
“The issue is with a file transfer service called MOVEit, which is used globally by public and private sector organizations,” LeBlanc explained. Progress Software Corp., based in Burlington, Massachusetts, creates software that allows businesses to transmit files and data.
“At this time, staff are manually going through all of the files that were accessed to identify what information was stolen and who it belongs to."- Minister of Cyber Security and Digital Solutions Colton LeBlanc
According to LeBlanc, the provincial government quickly took the service offline, implemented a security update as directed, and then brought it back online. The next day, however, they "became aware" that further inquiry was required, so they shut down the service and informed Nova Scotia privacy commissioner Tricia Ralph.
“At this time, staff are manually going through all of the files that were accessed to identify what information was stolen and who it belongs to,” LeBlanc said. However, LeBlanc was unable to say what type of data was stolen or how many Nova Scotians were affected.
“Yes, there are still outstanding questions. We do not have all the answers at the time. I wish I had more information,” he said. The provincial government will be "reaching out directly to Nova Scotians who have been affected to inform them how they have been impacted."
As more information becomes available, Nova Scotia plans to develop a website with "relevant details" and "regular updates" on the data incident. Progress Software Corp. stated in a statement that their clients are their "top priority."
"When we discovered this vulnerability in MOVEit Transfer and MOVEit Cloud, we promptly launched an investigation, alerted customers of the issue, provided immediate mitigations steps, disabled web access to MOVEit Cloud, and developed a security patch to address the vulnerability within 48 hours. We are also continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures,” the statement reads.
Ian Pitt, Progress Software Corp.'s chief information officer, recently declined to comment on who might have attempted to steal data by exploiting the hole.
“We have no evidence of it being used to spread malware,” Pitt told Reuters.
LeBlanc stated on Sunday that the government has not received any ransom notifications in connection with the incident. According to LeBlanc, data leak is a terrible aspect of living in a digital society.
“Cybersecurity is the second greatest threat to the globe, only after climate change,” he said.
Cybercrime, according to Natasha Clarke, deputy minister of the Department of Cyber Security and Digital Solutions, is now a job for certain people.
“There are nefarious actors that this is their full-time business and full-time job now to try to exploit and find vulnerabilities in software and that is what happened to this company, MOVEit,” she explained
It was unclear whether organizations used the software or were affected by the breach, and LeBlanc refused to speculate on whether additional provinces or territories were affected.