Report on $3.8 Million Response to The MOVEit Cybersecurity Breach.
Nova Scotia has strengthened government’s cybersecurity and improved the Province’s ability to respond to cyberthreats since Nova Scotians’ personal information was stolen in the MOVEit breach one year ago.
The Province is also committed to further action on the evolving issues around cybersecurity as outlined in its final report on the breach, released today, May 29.
“I’d love to be able to say we will never face another cybersecurity breach. Cyberthreats are unfortunately a reality in the world we now live in. Everyone – governments, private companies and people – are all at risk. We must take steps to protect ourselves,” said Cyber Security and Digital Solutions Minister Colton LeBlanc. “We learned important lessons from the MOVEit breach and our response to it. We made changes immediately, and we’ll continue to strengthen our defences to keep Nova Scotians’ information as safe as we can.”
The Province has already acted on recommendations in the report. The recommendations include:
- enhance security within the MOVEit file transfer system
- improve how data is classified and managed
- ensure there is enhanced capacity to respond to large-scale breaches
- continuously review and adapt the overall cybersecurity strategy to strengthen the ability to respond to large-scale events
- require all staff to take mandatory cybersecurity awareness training every year
- work closely with other jurisdictions, across Canada and around the world, to share information and build capacity in Nova Scotia.
In total, responding to the MOVEit breach cost $3.8 million.
Quotes:
“I don’t measure an organization’s success in cyber-resiliency by a lack of events or incidents. I measure it by how well they handle it, how clearly they explain it and how they apply the lessons they’ve learned. By that measure, Nova Scotia has done well. They showed tremendous leadership following last year’s MoveIt breach, demonstrating a strong command of the situation and outstanding transparency in response efforts.”
— David Shipley, co-founder and CEO, Beauceron Security Inc.
Quick Facts:
- the MOVEit vulnerability happened on May 30 and 31, 2023, impacting governments and private companies around the world that used this file transfer service
- the Province sent out more than 168,000 notification letters to Nova Scotians whose personal information was breached
- people affected included retired teachers, civil servants, people who received parking tickets in Halifax Regional Municipality and 1,923 patients whose personal health information was stolen
- credit monitoring was offered to those whose sensitive personal information, including social insurance numbers and financial data, was stolen; 30,000 people signed up for the service
Additional Resources:
MOVEit public report: https://novascotia.ca/privacy-breach/
Canadian Centre for Cyber Security: https://www.cyber.gc.ca/en
Source : Provincial Release