Nova Scotia’s information and privacy commissioner has launched an investigation into the theft of personal information from a file-transfer system used by the provincial government.
In June, the government confirmed a cybersecurity breach involving a third-party system known as MoveIt.
Tricia Ralph issued a statement Thursday saying the system was used by many public bodies, including government departments and Nova Scotia Health.
The statement says her investigation will review the government’s security and information practices as well as their response to the cybersecurity breach.
Ralph said her office has received 110 complaints from people who were told they were affected by the breach. The government said in June that as many as 100,000 people had their personal data stolen.
Service Nova Scotia Minister Colton LeBlanc welcomed the investigation.
“We have been co-operating and collaborating with her office since the early days of the breach, and in fact we sought some guidance and advice,” LeBlanc said following a cabinet meeting Thursday.
The minister said his department had been looking at lessons to be learned around data management since the breach and would wait to see what Ralph recommends. She did not give a timeline for her report.
“This is a matter that has impacted many Nova Scotians, and certainly we appreciate Ms. Ralph and her office looking into this matter,” LeBlanc said.
Liberal Leader Zach Churchill said the investigation will be important. “We want to know what happened and why, and whether there are still risks for people’s data,” he said.
The MoveIt software is made by Ipswitch, a company based in Massachusetts. Its parent company, Progress Software, has confirmed its software was vulnerable to unauthorized access.
This report by The Canadian Press was first published Dec. 7, 2023.