Privacy breach alerts and information
Alerts and information about the privacy breach in June 2023.
On 30 May 2023, the Government of Nova Scotia and other users were informed about a vulnerability with a file transfer service called MOVEit (the service allows information to move efficiently within government and to our partners).
If government notifies you about a breach
If government notifies you about your information being impacted in any breach, we won’t ask for your health card, social insurance number, banking information other personal information or money. Sometimes there are phishing or scam attempts that try to use a privacy breach to steal additional information. Be safe and don’t share your personal information if asked.
If you receive a letter addressed to someone who has passed away, there are steps you can take to help make sure their identity can't be accessed by criminals. You should notify the federal government of the death if you haven’t already.
-
May
29 May 2024
- The Cyber Security Attack on Nova Scotia’s MOVEit System - Public Report (PDF) – The report describes steps taken by the Department of Cyber Security and Digital Solutions and other provincial authorities to identify, contain, and provide notification of the breach to Progress Software’s MOVEit file transfer system in May 2023.
Apr
19 April 2024
- As part of the breach review, dates have been updated to ensure accuracy.
Aug
2 August 2023
- Notification letters sent to 158 people in the Department of Health and Wellness client registry (newborn registrations) who were impacted by the privacy breach in the healthcare system.
- Notification letters sent to 795 people in the Department of Health and Wellness client registry (data quality reports) who were impacted by the privacy breach in the healthcare system.
Jul
28 July 2023
- Notification letters sent to 99 people in the Department of Health and Wellness client registry (change of address) who were impacted by the privacy breach in the healthcare system.
- Notification letters sent to 371 people with the Prescription Monitoring Program who were impacted by the privacy breach in the healthcare system.
22 to 25 July 2023
- Notification letters sent to 8,103 people with water and tax bill accounts in the Region of Queens Municipality who were impacted by the privacy breach.
- Notification letters sent to 383 people in provincial adult correctional facilities who were impacted by the privacy breach.
- Notification letters sent to 245 people in provincial adult correctional facilities who were impacted by the privacy breach.
19 July 2023
- Notification letters sent to 15,393 employees of regional centres for education and of the Conseil scolaire acadien provincial who were impacted by the privacy breach.
- Notification letters sent to 515 employees of regional centres for education and of the Conseil scolaire acadien provincial who were impacted by the privacy breach.
- Notification letters sent to 178 Nova Scotia pension plan recipients who were impacted by the privacy breach.
- Notification letters sent to 2 students who were impacted by the privacy breach through a Department of Labour, Skills and Immigration file.
18 July 2023
- Notification letters sent to 865 people issued Halifax Regional Municipality parking tickets who were impacted by the privacy breach.
13 July 2023
- Notification letters sent to 12,825 employees of regional centres for education and of the Conseil scolaire acadien provincial who were impacted by the privacy breach.
- Notification letters sent to 12,320 employees of regional centres for education and of the Conseil scolaire acadien provincial who were impacted by the privacy breach.
11 July 2023
- Government is starting an additional notification process for people impacted by the MOVEit cyber security breach. During this phase, notification letters are sent to Nova Scotians who have had less sensitive personal information stolen (they won’t receive credit monitoring and fraud protection because there’s a very low risk of identity theft or fraud).
Less sensitive information can include names, addresses, license plate numbers and email addresses. Though that data is personal, it doesn’t pose the same risk of harm as stolen social insurance numbers and banking information, which criminals can use to steal someone’s identity.
4 to 7 July 2023
- Notification letters sent to 9,483 employees of Nova Scotia Health who were impacted by the privacy breach.
- Notification letters sent to 730 employees of the Conseil scolaire acadien provincial who were impacted by the privacy breach.
- Notification letters sent to 12,300 employees of regional centres for education who were impacted by the privacy breach.
- Notification letters sent to 3,872 employees of the IWK Health Centre who were impacted by the privacy breach.
Jun
21 to 24 June 2023
- Notification letters sent to 30,000 employees of Nova Scotia Health who were impacted by the privacy breach.
- Notification letters sent to 10,000 employees of Nova Scotia Health who were impacted by the privacy breach.
23 June 2023
- Notification letters sent to 13,385 public service employees who were impacted by the privacy breach.
- Notification letters sent to 153 employees of the IWK Health Centre who were impacted by the privacy breach.
21 June 2023
- Notification letters sent to 880 Nova Scotia pension plan recipients who were impacted by the privacy breach.
- Notification letters sent to the 5 students who were impacted by the privacy breach through a Department of Labour, Skills and Immigration file.
16 June 2023
- Government started the notification process for people impacted by the MOVEit cyber security breach.
- Notification letters sent to 52 clients of the Department of Community Services who were impacted by the privacy breach.
14 June 2023
- Government is making significant progress in identifying groups of people and organizations impacted by the MOVEit cyber security breach. The investigation is in the early stages of identifying the individuals affected and notification letters will start going out at the end of the week.
- Government has identified more members of the public and more members of the public service impacted by the breach.
9 June 2023
- Government has identified more records stolen in the MOVEit cyber security breach. The breach extends to some members of the public and more members of the public service.
6 June 2023
- Government has determined that the personal information of many employees of Nova Scotia Health, IWK Health Centre and the public service was stolen (information includes social insurance numbers, addresses and banking information). The amount and type of information stolen depends on the employer.
- The investigation has not yet determined an exact number, but initial estimates suggest as many as 100,000 present and past employees are impacted.
4 June 2023
- The police, Canadian Centre for Cyber Security and the Office of the Information and Privacy Commissioner were notified of the breach. The Canadian Centre for Cyber Security is also providing expert advice, guidance and support.
3 June 2023
- Government confirmed that some Nova Scotians’ personal information had been stolen. Government is working to determine exactly what information was stolen and how many people have been impacted.
2 June 2023
- Government became aware that further investigation was needed. Government took the system offline again and started to investigate. IBM cybersecurity experts were also called in to help.
1 June 2023
- Government identified a vulnerability with MOVEit. Government took the system offline and installed a security update as instructed, then brought the service back online.
News releases
Latest news releases and announcements:
Protecting your information
Cybersecurity is an issue for everyone, regardless of whether you are impacted by this breach or not. Steps you can take to protect yourself include:
- only install applications on your devices from well-known companies
- never share your password, always create strong passwords and use multifactor authentication where possible
- monitor your financial accounts and check your credit information regularly with TransUnion or Equifax
- limit your public computer use to non-sensitive transactions (and remember to log out of public computers when you finish using them)
If you’re worried about your personal information:
- contact your financial institution and any other companies to let them know that your personal information may be compromised
- contact TransUnion or Equifax and ask to have a fraud alert placed on your credit report (lenders need to contact you and confirm your identity before they approve any application for credit if a fraud alert is on your credit report)
For information on what to do if your social insurance number is compromised and how to protect it, visit Protecting your SIN or call 1-866-274-6627.