MOVEit cybersecurity breach cost Nova Scotia nearly $4M
On the eve of the anniversary of a massive, world-wide cybersecurity breach, the Nova Scotia government says the response to the MOVEit hack cost the province $3.8 million.
The breach occurred May 30 and May 31, 2023, and affected multiple organizations and millions of people around the globe.
The online hack involved a file transfer service called MOVEit, which is used by the private sector and governments, including Nova Scotia.
The software is made by Burlington, Massachusetts-based company Ipswitch and allows organizations to transfer files and data between employees, departments and customers.
In a news release Wednesday promoting the final report into the online hack, Nova Scotia’s minister in charge of Cyber Security and Digital Solutions said the province has learned a number of lessons from the MOVEit breach.
“We made changes immediately, and we’ll continue to strengthen our defences to keep Nova Scotians’ information as safe as we can,” said Colton LeBlanc.
After the U.S. company initially notified the government of Nova Scotia of a critical vulnerability within its system, the province took the service offline and issued more than 168,000 notification letters Security updates were installed, allowing for the province to bring the service back online.
In its release, the Nova Scotia government says the province is committed to further action on the evolving issues around cybersecurity.
“I’d love to be able to say we will never face another cybersecurity breach,” LeBlanc said. “Cyber threats are unfortunately a reality in the world we now live in. Everyone – governments, private companies and people – are all at risk. We must take steps to protect ourselves.”
According the province, an analysis of the breach confirmed stolen files contained sensitive personal information such as social insurance numbers and banking details for some employees, as well as the personal health information of 1,923 patients.
The province sent out more than 168,000 notification letters to Nova Scotians whose personal information was caught up in the breach. Credit monitoring from TransUnion was offered to those whose sensitive personal information was stolen and some 30,000 people signed up for the service.
Up to this point, the province says it has not been made aware of anyone who has had their personal information used inappropriately as a result of the MOVEit breach.
Last August, the province said certified teachers born in 1935 or later were among those whose personal information was stolen, which included personal details about deceased people.
In June 2023, a group known as Clop, which claimed to be behind the attack, said they deleted all the stolen data from governments, cities, and police services but are keeping information from private companies.
Cybersecurity expert Scott Beck told CTV News Wednesday this breach showed that in this day and age, it’s not a matter of if it will happen, but when.
“How well you respond determines how bad the impacts will be,” he said. “While It’s important to try and prevent incidents from occurring, it’s even more important to detect when something doesn’t look right so you can respond quickly to minimize the impacts.”
Beck said while this incident shows the province has room to improve, Nova Scotia took the right steps after the fact.
Nova Scotia continues to use MOVEit, which it says is essential to delivering core government services. However, in its final report, the province said there is enhanced security within the file transfer system.
Other final report recommendations include:
- Improving how data is classified and managed.
- Ensure enhanced capacity to respond to large-scale breaches.
- Requiring all staff to take mandatory cybersecurity awareness training every year.
For more Nova Scotia news visit our dedicated provincial page.
CTVNews.ca Top Stories
Ottawa has sold its stake in Air Canada: sources
Two senior federal government sources have confirmed to CTV News that the federal government has sold its stake in Air Canada. During the COVID-19 pandemic in 2021, the government purchased a six per cent stake in the airline for $500 million as part of a bailout package.
Premiers disagree on whether Canada should cut off energy supply to U.S. if Trump moves ahead with tariffs
Some of Canada's premiers appeared to disagree with Ontario Premier Doug Ford on his approach to retaliatory measures, less than a day after he threatened to cut off the province's energy supply to the U.S. if president-elect Donald Trump follows through on his threat of punishing tariffs.
She took a DNA test for fun. Police used it to charge her grandmother with murder in a cold case
According to court documents, detectives reopened the cold case in 2017 and then worked with a forensics company to extract DNA from Baby Garnet's partial femur, before sending the results to Identifinders International.
BREAKING Travis Vader, killer of Lyle and Marie McCann, denied day parole
The man who killed an Alberta couple in 2010 has been denied day parole.
McDonald's employee who called 911 in CEO's shooting is eligible for reward, but it will take time
More than 400 tips were called into the New York Police Department's Crime Stoppers tip line during the five-day search for a masked gunman who ambushed and fatally shot UnitedHealthcare CEO Brian Thompson last week.
Man who set fires inside Calgary's municipal building lost testicle during arrest: ASIRT
Two Calgary police officers have been cleared of any wrongdoing in an incident that saw a suspect lose a testicle after being shot with an anti-riot weapon.
Country star Morgan Wallen sentenced in chair-throwing case
Country music star Morgan Wallen on Thursday pleaded guilty to two misdemeanour counts of reckless endangerment for throwing a chair from the rooftop of a six-storey bar in Nashville and nearly hitting two police officers with it.
Weather warnings for hazardous conditions in parts of Canada
Canadians experienced contrasting weather on Thursday, from warmer temperatures in the Maritimes to extreme cold in parts of Ontario, the Prairies and the North.
3 men say in lawsuits that Sean 'Diddy' Combs drugged and sexually assaulted them
Three men sued Sean 'Diddy' Combs in New York on Thursday, claiming the hip-hop mogul drugged and raped them.