Nova Scotia says all victims of MOVEit breach have been notified

Siva Ramakrishnan

One of the first North American organizations to suffer a data breach because of a vulnerability in the MOVEit file-transfer software says it has notified more than 165,000 people that their personal information was stolen.

The government of Nova Scotia said on Thursday that it has finished sending letters to all victims of the incident in late May and is spending CA$2.85 million Canadian ($2.16 million) for credit monitoring services.

“Now, we can turn our focus to setting out the lessons we’ve learned and ensuring departments are doing what they need to do to keep Nova Scotians’ personal information safe,” said Colton LeBlanc, the province’s cybersecurity minister, in a news release.

The timeline of the Nova Scotia response underscores how time-consuming it can be for a government to analyze stolen data and officially notify victims. The province initially warned residents on June 4 about the breach, one of many this year that have affected millions of people collectively.

The provincial government said 118,000 people had “sensitive personal information, such as social insurance numbers or banking information,” stolen in the incident. Another 47,000 letters also went to people who had “less sensitive” information stolen. So far about 29,000 people have signed up for the free credit monitoring.

In the incident, hackers found a way to exploit a bug in MOVEit, a file-transfer tool from U.S.-based Progress Software that is used all over the world. The Clop ransomware gang, in particular, has taken credit for dozens of attacks. In the U.S., federal and state government agencies were also among the targets.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

IRS, Dutch and UK experts teach Ukrainian law enforcement how to catch sanctions evaders

Next Post

Cyber insurance claims spiked in first half of 2023 as ransomware attacks surged: report

Related Posts

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit
Read More

Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors

An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, and defense industries in the Middle East, including Israel and the U.A.E. Other targets of the cyber espionage activity likely include Turkey, India, and Albania, Google-owned Mandiant said in a new analysis. UNC1549 is said to overlap with&nbsp
Siva Ramakrishnan
Read More