The Nova Scotia government says it is investigating the theft of personal information stolen through a global privacy breach to a third-party file transfer system the province was using.
The province has yet to determine what information may have been taken or how many Nova Scotians could be affected by the breach to software company MoveIt’s products, Cyber Security and Digital Solutions Minister Colton LeBlanc said in a Sunday news conference.
“At this time, staff are manually going through all of the files that were accessed to identify what information was stolen and who it belongs to,” he said.
“Until all of this work is complete, we aren’t able to say how many Nova Scotians have been impacted.”
The MoveIt software made by Burlington, Massachusetts-based company Ipswitch allows organizations to transfer files and data between employees, departments and customers.
Progress Software, the parent company of Ipswitch, confirmed a vulnerability in its software last week, saying the issue could lead to potential unauthorized access of users’ systems and files.
But the company notified the province of a critical vulnerability within its system on Thursday, LeBlanc said.
The province then took the service offline and installed a security update before bringing it back online Friday, only to be told further investigation was needed. Cyber security experts were then called in on Saturday evening.
LeBlanc said the investigation gave the province “a high degree of confidence that yes, there has been a breach of personal information.”
- Mastermind Toys to be acquired — but these 18 stores will still be liquidated
- House Speaker Fergus apologizes over video message for Ontario Liberals
- Canada is falling behind other rich countries in health care, new report warns
- Grocery CEO downplays food inflation, says competition strong in Canada
“We did not want to wait for all the answers before we told Nova Scotia what we are dealing with,” he said.
“I know there are questions we can’t answer right now because we’re still analyzing the full extent.”
LeBlanc would not say which departments had been using MoveIt or whether he was aware of other provinces or territories affected by the breach.
He said the province has informed Tricia Ralph, Nova Scotia’s information and privacy commissioner, of the breach and intends to create a website offering the public more information on the situation.
He also promised the province will directly notify Nova Scotians who have been impacted.
“I know that this is a stressful time for many Nova Scotians right now and I want to reassure all Nova Scotians that we are working tirelessly to resolve this issue as quickly and as efficiently as possible,” LeBlanc said.
Progress Software did not answer questions about how many Canadians may be affected and what other governments or businesses in the country have used its products.
But it said it promptly launched an investigation after discovering a vulnerability, alerted customers, provided immediate mitigation steps and developed a security patch within 48 hours.
“We are also continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures,” the company said in an email.
This report by The Canadian Press was first published June 4, 2023.