HALIFAX — Nova Scotians’ personal data may have been stolen by hackers in a cyber attack on the MoveIt file-sharing platform used by the provincial government.
Nova Scotia Cybersecurity and Digital Solutions Minister Colton LeBlanc confirmed Sunday that an investigation has been launched to determine what information may have been stolen in the cyber attack and the number of people affected.
“Our investigation has given us a high level of confidence that, unfortunately, there has been a breach of Nova Scotia residents’ information,” Minister LeBlanc said during a virtual press conference.
“Investigation is going on. The current situation is to understand the number of Nova Scotians and how they are affected. This is our top priority.”
Once these two questions are answered, the government will notify those concerned and let them know what information has been compromised, Mr. LeBlanc promised. But for now, it’s not known exactly what kind of information was targeted.
“We’re still relatively early in the investigation, so you really need to understand the content of the stolen data in this situation.”
MoveIt software, developed by US company Ipswich, allows companies to transfer files and data between employees, departments and customers.
Ipswitch’s parent company, Progress Software, confirmed a vulnerability in its software last week, saying the issue could lead to unauthorized access to user settings and files.
But the company did not notify the Nova Scotia government of the critical breach in its system until Thursday, LeBlanc said.
Therefore, the province has temporarily stopped using the site, and it is time to quickly install a security update. The government resumed use of the service on Friday, only to be told that further investigation was required.
Cyber security experts were then called in to intervene… on Saturday evening.
“I know there are questions we cannot answer at this time because we are still in the process of analyzing the full extent of the situation,” the minister admitted.
LeBlanc did not say which departments regularly use MoveIt or whether he knew of other provinces or territories affected by the cyber attack.
However, the province reported the situation to Nova Scotia’s Information and Privacy Commissioner Tricia Ralph and intends to create a website that provides more information on the issue.
“I know this is a stressful time for many Nova Scotians, and I want to assure them that we are working tirelessly to resolve this issue as quickly and efficiently as possible,” LeBlanc said.
Progress Software did not respond to questions from The Canadian Press about how many Canadians may have been affected, and did not say whether other governments or companies in the country were using its products.
However, the company contended that it launched an investigation soon after discovering the vulnerability, alerting its customers, taking mitigation measures and developing a security patch within 48 hours.
“We are continuing to work with cybersecurity experts to investigate this issue and ensure that we are taking all necessary steps,” the company said in an email.