Update on MOVEit Breach Response
This week, the Province will start sending the next wave of notification letters to people whose personal information was stolen in the MOVEit global cybersecurity breach.
This phase of notification is for people whose stolen information is considered less sensitive. Less sensitive information can include names, addresses, license plate numbers and email addresses. Though that data is personal, it does not pose the same risk of harm as stolen social insurance numbers and banking information, which criminals can use to steal someone’s identity.
People who had only less sensitive information taken will not receive credit monitoring and fraud protection coverage because there is a very low risk of identity theft or fraud.
“We made the decision about offering credit monitoring and fraud protection carefully, considering best practice. We have also discussed this and other issues with the Office of the Information and Privacy Commissioner as we move forward with our breach response,” said Cyber Security and Digital Solutions Minister Colton LeBlanc. “I know many people are worried about the potential for identity theft and fraud. I encourage all Nova Scotians, whether they’ve been impacted by this breach or not, to take steps to keep themselves cyber safe. Unfortunately, these incidents are becoming a reality in the digital age, and it’s up to us all to take steps to protect ourselves.”
The Province is nearing completion of notice to people whose sensitive personal information was stolen. Letters with offers of credit monitoring have been sent to nearly 81,000 civil servants, Nova Scotia Health and IWK Health employees and others, and about 44,000 certified teachers will receive letters soon.
Quick Facts:
- the breach took place May 30-31, before the Province was aware of the global vulnerability of the MOVEit file transfer system
- scammers often use incidents like this to prey on people; the Province will not ask for social insurance numbers, MSI numbers, banking information or money when it notifies impacted Nova Scotians
- Nova Scotians who are offered credit monitoring services can provide this information to TransUnion when they sign up for the service, since it helps the company match their identity and take full advantage of the service
- neither of Canada’s credit monitoring agencies offer credit monitoring and fraud protection to young people under 18
Additional Resources:
Updates and information on this breach are available at: https://novascotia.ca/privacy-breach/
The Office of the Information and Privacy Commissioner’s guidelines for managing a privacy breach: https://oipc.novascotia.ca/sites/default/files/forms/FOIPOP%20Forms/Key%20Steps%20to%20Responding%20to%20Privacy%20Breaches%20ENG%20FINAL%20March2015.pdf
Information on protecting a social insurance number and what to do if it is compromised: https://canada.ca/social-insurance-number
Information on what steps to take to protect the identity of a deceased loved one: https://canada.ca/en/services/benefits/notify-government-death.html
General cyber-safety information is available at: https://www.getcybersafe.gc.ca/en