MOVEit cybersecurity breach cost Nova Scotia nearly $4M
On the eve of the anniversary of a massive, world-wide cybersecurity breach, the Nova Scotia government says the response to the MOVEit hack cost the province $3.8 million.
The breach occurred May 30 and May 31, 2023, and affected multiple organizations and millions of people around the globe.
The online hack involved a file transfer service called MOVEit, which is used by the private sector and governments, including Nova Scotia.
The software is made by Burlington, Massachusetts-based company Ipswitch and allows organizations to transfer files and data between employees, departments and customers.
In a news release Wednesday promoting the final report into the online hack, Nova Scotia’s minister in charge of Cyber Security and Digital Solutions said the province has learned a number of lessons from the MOVEit breach.
“We made changes immediately, and we’ll continue to strengthen our defences to keep Nova Scotians’ information as safe as we can,” said Colton LeBlanc.
After the U.S. company initially notified the government of Nova Scotia of a critical vulnerability within its system, the province took the service offline and issued more than 168,000 notification letters Security updates were installed, allowing for the province to bring the service back online.
In its release, the Nova Scotia government says the province is committed to further action on the evolving issues around cybersecurity.
“I’d love to be able to say we will never face another cybersecurity breach,” LeBlanc said. “Cyber threats are unfortunately a reality in the world we now live in. Everyone – governments, private companies and people – are all at risk. We must take steps to protect ourselves.”
According the province, an analysis of the breach confirmed stolen files contained sensitive personal information such as social insurance numbers and banking details for some employees, as well as the personal health information of 1,923 patients.
The province sent out more than 168,000 notification letters to Nova Scotians whose personal information was caught up in the breach. Credit monitoring from TransUnion was offered to those whose sensitive personal information was stolen and some 30,000 people signed up for the service.
Up to this point, the province says it has not been made aware of anyone who has had their personal information used inappropriately as a result of the MOVEit breach.
Last August, the province said certified teachers born in 1935 or later were among those whose personal information was stolen, which included personal details about deceased people.
In June 2023, a group known as Clop, which claimed to be behind the attack, said they deleted all the stolen data from governments, cities, and police services but are keeping information from private companies.
Cybersecurity expert Scott Beck told CTV News Wednesday this breach showed that in this day and age, it’s not a matter of if it will happen, but when.
“How well you respond determines how bad the impacts will be,” he said. “While It’s important to try and prevent incidents from occurring, it’s even more important to detect when something doesn’t look right so you can respond quickly to minimize the impacts.”
Beck said while this incident shows the province has room to improve, Nova Scotia took the right steps after the fact.
Nova Scotia continues to use MOVEit, which it says is essential to delivering core government services. However, in its final report, the province said there is enhanced security within the file transfer system.
Other final report recommendations include:
- Improving how data is classified and managed.
- Ensure enhanced capacity to respond to large-scale breaches.
- Requiring all staff to take mandatory cybersecurity awareness training every year.
For more Nova Scotia news visit our dedicated provincial page.
CTVNews.ca Top Stories
Canadian former Olympic snowboarder wanted in Ontario double homicide: DOJ
A Canadian former Olympic snowboarder who is suspected of being the leader of a transnational drug trafficking group that operated in four countries is wanted for allegedly orchestrating the murder of an 'innocent' couple in Ontario in 2023, authorities say.
Ontario school board trustees under fire for $100K religious art purchase on Italy trip
Trustees with an Ontario school board are responding to criticism over a $45,000 trip to Italy, where they purchased more than $100,000 worth of religious statues.
A photographer snorkeled for hours to take this picture
Shane Gross, a Canadian marine conservation photojournalist, has won the title of Wildlife Photographer of the Year.
Tobacco giants would pay out $32.5 billion to provinces, smokers in proposed deal
Three tobacco giants are proposing to pay close to $25 billion to provinces and territories and more than $4 billion to some 100,000 Quebec smokers and their loved ones as part of a corporate restructuring process triggered by a long-running legal battle.
More Trudeau cabinet ministers not running for re-election, sources say shuffle expected soon
Federal cabinet ministers Filomena Tassi, Carla Qualtrough and Dan Vandal announced Thursday they will not run for re-election. Senior government sources tell CTV News at least one other, Marie-Claude Bibeau, doesn't plan to run again, setting the stage for Justin Trudeau to shuffle his cabinet in the coming weeks.
Robert Pickton's handwritten book seized after his death in hopes of uncovering new evidence
A handwritten book was seized from B.C. serial killer Robert Pickton's prison cell following his death earlier this year, raising hopes of uncovering new evidence in a series of unprosecuted murders.
Former members of One Direction say they're 'completely devastated' by Liam Payne's death
The former members of English boy band One Direction reacted publicly to the sudden death of their bandmate, Liam Payne, for the first time on Thursday, saying in a joint statement that they're 'completely devastated.'
Israel says it has killed top Hamas leader Yayha Sinwar in Gaza
Israeli forces in Gaza killed top Hamas leader Yahya Sinwar, a chief architect of last year's attack on Israel that sparked the war, the military said Thursday. Troops appeared to have run across him unknowingly in a battle, only to discover afterwards that a body in the rubble was Israel's most wanted man.
Indian government employee charged in foiled murder-for-hire plot in New York City
The U.S. Justice Department announced criminal charges Thursday against an Indian government employee in connection with a foiled plot to kill a Sikh separatist leader living in New York City.