At least 100,000 Nova Scotians affected by cyber theft of government employee files

Cyber-criminals made off with the personal and banking information of at least 100,000 Nova Scotians last week, before the Nova Scotia government secured a file transfer service that had been breached as part of a global attack on MOVEit. 

Nova Scotia's Minister of Cyber Security and Digital Service Colton LeBlanc provided that number Tuesday as part of an update on the investigation into the cyber theft, which he first disclosed on Sunday (new window).

100,000 people, 100,000 Nova Scotians being employees, current or past employees of Nova Scotia Health, the IWK, as well as the provincial civil service, have been impacted, LeBlanc told reporters during a virtual briefing. We still have more work to do and as that work unfolds, that number could go up or it could go down.

The minister said the information taken by the cyber-criminals was payroll data that was transferred between departments, including banking details, home addresses and social insurance numbers.

Although the province said it acted as soon as it was notified of a possible vulnerability in the MOVEit service on June 1, the department's deputy minister Natasha Clarke confirmed that the software patch to plug the digital hole was applied after the data was taken.

Our investigation showed that the the stolen data that took place the two days prior to us being notified that there was a vulnerability. said Clarke. So once we put the patching in place, there was no more nefarious activity that we were able to see as a part of our investigation.

More to come.

Jean Laroche (new window) · CBC News