Advertisement

Nova Scotia’s auditor general to perform audit after province’s data breach

File - Nova Scotia Auditor General Michael Pickup listens to a question during a news conference regarding his latest report in Halifax on Wednesday, June 8, 2016.
File - Nova Scotia Auditor General Michael Pickup listens to a question during a news conference regarding his latest report in Halifax on Wednesday, June 8, 2016. Andrew Vaughan/The Canadian Press

Another government entity is set to examine the data breach on a Nova Scotia government website.

Nova Scotia’s auditor general is set to perform an audit of the province’s privacy services after a data breach at the government’s freedom of information (FOIPOP) portal exposed the personal information of 700 people, including social insurance numbers, birth dates and personal address.

The province’s minister of internal service, who is in charge of the FOIPOP website, says she officially requested “audit assistance” from the office of Nova Scotia Auditor General Michael Pickup on Friday.

“I believe that our efforts would greatly benefit from the support of you and your Office,” Patricia Arab wrote in her letter to the Auditor General.

“Your findings will help us to ensure that we are doing what we can to safeguard the privacy of Nova Scotians.”

Story continues below advertisement

Arab adds that Pickup’s audit will be “supportive and complementary” of a separate investigation launched by Catherine Tully, the province’s information and privacy commissioner.

READ MORE: Stephen McNeil rejects N.S. Opposition’s call for minister’s resignation over data breach

Tully’s investigation will examine whether the department of internal services was in compliance with province’s Freedom of Information and Protection of Privacy Act.

“The investigation will focus in particular on the adequacy of the security of the system,” wrote Tully in a press release.

Website still offline

Meanwhile, as of Monday, the FOIPOP website still remains unavailable and the government says there is no clear timeline on when it will be back up and running.

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

The province told Global News on Wednesday that the first patch for the website’s security issues was received by Unisys on April 13. It’s now undergoing testing before being passed on to the province, which will conduct its own testing.

An additional third party will also review the updated system.

“There is currently no set timeline attached to the service going back online for the public, as this will depend on the results of this process,” said Brian Taylor, a spokesperson for Nova Scotia’s internal services department.

Story continues below advertisement

An update was not available as of Monday.

WATCH: Halifax police make arrest after Nova Scotia FOI website breached, personal information exposed

Click to play video: 'Halifax police make arrest after Nova Scotia FOI website breached, personal information exposed'
Halifax police make arrest after Nova Scotia FOI website breached, personal information exposed

19-year-old still facing charge

A 19-year-old teen is facing one count of unauthorized access of a computer after police say he was involved in a “data breach” of the government’s FOIPOP portal.

The charge, which the Halifax Regional Police says is “seldom laid,” carries a maximum punishment of 10 years in prison.

The government said the data breach — which occurred between March 3 and 5 — resulted in more than 7,000 documents  being accessed and downloaded by a “non-authorized person.”

The province says that 250 of the documents contain highly sensitive personal information such as birth dates, addresses and social insurance numbers.

Story continues below advertisement

So far, investigators have neither filed an information before the Halifax provincial court, nor listed the young man’s name on the docket for a June 12 cour appearance, though the 19-year-old has been served with notices requiring him to appear.

Evan d’Entremont, an IT security professional, has written on his blog that the breach would’ve been fairly easy to carry out.

D’Entremont alleges that accessing the data would have been as simple as changing the document ID number at the end of a URL.

David Fraser, a leading technology and privacy lawyer with McInnes Cooper, says he is now assisting the teen in his legal defence.

“I am hopeful that as the file is transferred to the crown prosecutors, they will make the call to withdraw the charges that – I think – never should have been laid in the first place,” Fraser told Global News.

A crowdfunding campaign has been launched with the goal of creating a legal defence fund for the teen. Technology experts — including the board of the Atlantic Security Conference — have already contributed to the campaign.

READ MORE: Halifax Excel program registration shut down because of ‘privacy breach’

Apology

Opposition parties have called for Arab’s resignation over the lack of security on the FOIPOP site, though it was swiftly rejected by Premier Stephen McNeil, who defended her performance last week.

Story continues below advertisement

Arab has apologized multiple times that Nova Scotians information was compromised.

“As Minister of Internal Services, I take this breach of privacy very seriously,” Arab wrote in her letter to the Auditor General.

“My department, together with our private sector delivery partners and other non-government resources, are investigating the cause of the breach.”

With files from the Canadian Press

Sponsored content

AdChoices