MOVEit Transfer breach compromised the personal data of at least 100,000 Nova Scotia residents

News08 Jun 2023

The province of Nova Scotia in Canada suffered a significant data breach as a result of the Clop ransomware exploiting a zero-day vulnerability in the MOVEit Transfer web application to infiltrate its systems.The Province said in a press release that the “personal information of many employees of Nova Scotia Health, the IWK Health Centre, and the public service has been stolen in the MOVEit global cybersecurity breach.”The Province also said that it received a notification of a zero-day vulnerability from Progress Software, the manufacturer of MOVEit Transfer application, on June 1 and took the application offline for a security update. Once it was brought online, it received another notice from the company to take the system offline for “further investigation.”“The MOVEit service went back online late Monday afternoon, June 5. Additional security updates and monitoring have been installed,” the Province confirmed.While Nova Scotia is still investigating how much information was compromised, preliminary investigation indicates that social insurance numbers, addresses, and banking information were accessed and stolen by the ransomware group.“The amount and type of information depends on the employer. This information was shared through the MOVEit file transfer service because this service is used to transfer employee payroll information,” the press release read.Officials also believe that sensitive personal and financial information of former Nova Scotia Health and public service employees may have been compromised.“The investigation has not yet determined how many employees have been impacted, but initial estimates suggest as many as 100,000. This number could go up or down. The Province will provide more specific numbers as the investigation continues,” it added.Once the Province has identified all affected individuals, it will contact them to notify them about the data breach. It has also decided to offer complimentary credit monitoring services to all impacted individuals.“We know people are concerned, and we are, too. We are now working to identify each person who has been impacted, and once we do, we will notify them.“We’re working as quickly as we can. We will continue to provide updates as we learn more,” said Cyber Security and Digital Service Minister, Colton LeBlanc.All former and current employees of the Province have been advised to watch their bank account activities closely and report any suspicious transactions to relevant law enforcement authorities.