Impacted individuals

Last updated: 3 August 2023 at 2:20 pm

14 June 2023

As of 14 June 2023, the privacy breach now also includes:

  • About 13,000 active employees of regional centres for education and the Conseil scolaire acadien provincial. This includes teachers, as well as administrative, human resources and finance staff. Information breached includes name, address, social insurance number, pension payment amounts and gender. This is different from the list of certified and permitted teachers announced Friday, June 9, although there may be overlap.
  • About 480 individuals in the Prescription Monitoring Program. This includes health card number, personal health information and demographic information. This is an update to the 60 people announced Friday, June 9.
  • About 17,500 water and tax bill accounts with the Region of Queens Municipality, including name, address, account number, payment amount and balance owing. This does not include other financial information.
  • Just more than 100 patients who visited the early labour and assessment unit at the IWK Health Centre. The personal health information breached was limited – name, date and time of visit, and reason for visit.
  • Five students from a Department of Labour, Skills and Immigration file have had their name, address, social insurance number, phone number and date of birth released; two students have had their name, institution and student ID number released.

Elections Nova Scotia’s voters list was also on MOVEit so it could be shared with political parties. But this file was shared in a way that made it inaccessible, and the investigation has indicated it was not compromised.

While the Department of Cyber Security and Digital Solutions is reviewing files impacted by the breach, individual government departments and organizations that use MOVEit were sent their files to review and notify people accordingly. For example, Halifax Water notified approximately 25,000 customers that their names and account numbers were part of the breach.

The duplication of names has made it challenging to get the definitive number of individual Nova Scotians impacted. The number also changes as files are reviewed. For example, the number of recipients of Nova Scotia pensions whose name, date of birth and demographic information were compromised has changed to 900 from the 1,400 reported last week. Also, the number of incarcerated Nova Scotians whose prisoner ID number, name, gender, date of birth and incarceration status were compromised has increased to 655 from 500.

9 June 2023

As of 9 June 2023, the privacy breach includes:

  • About 55,000 records of past and present certified and permitted teachers in Nova Scotia, including name, address, date of birth, years of service and educational background. The information does not include social insurance numbers or banking information. The list includes people born in 1935 or later.
  • About 26,000 students, aged 16 years and older, including date of birth, gender, student ID, school, civic address and mailing address. This information was in the database because it was shared with Elections Nova Scotia.
  • About 5,000 short-term accommodations owners in the Tourist Accommodations Registry. The information stolen included name, owner’s address, property address and registration number.
  • About 1,400 Nova Scotia pension plan recipients. Their names, social insurance numbers, dates of birth and demographic data were stolen.
  • About 3,800 people who applied for jobs with Nova Scotia Health, including their demographic data and employment details. Social insurance numbers were not included.
  • 1,085 people issued Halifax Regional Municipality parking tickets. Names, addresses and licence plate numbers were stolen.
  • About 500 people in provincial adult correctional facilities; name, date of birth, gender, prisoner ID number and status in the justice system were stolen.
  • About 100 Nova Scotia Health vendors, including product and pricing information. Vendors’ banking information does not appear to be included.
  • 54 people issued summary offence tickets; names, driver’s licence numbers and dates of birth were stolen. As of 14 June 2023, government has confirmed that this group was not impacted.
  • 54 clients of the Department of Community Services, including names, addresses, client ID and transit pass photos.

As of 9 June 2023, the privacy breach in the healthcare system includes:

  • About 1,330 people in the Department of Health and Wellness client registry, including name, address, date of birth, and health card number. The client registry includes Vital Statistics data quality reports, change of address information and newborn registrations.
  • At least 150 people in the Department of Health and Wellness provider registry, including doctors, specialists, nurses and optometrists. Assessments are ongoing. The information taken includes names, addresses and dates of birth. It does not include social insurance number or banking information.
  • About 60 people with the Prescription Monitoring Program, including names, addresses, dates of birth, health card numbers and personal health information.
  • 41 newborns born between May 19 and 26. Information stolen includes last name, health card number, date of birth and date of discharge. Parents will be notified.