Nova Scotians hit by MOVEit data breach

Nova Scotia’s minister of cyber security and digital solutions, Colton LeBlanc, announced in a press conference yesterday that it is investigating the theft of personal information through a vulnerability in a third-party managed file transfer system. The province was notified of the vulnerability in MOVEit Transfer by the vendor on Jun. 1, and immediately took the system offline to install a security update.

However, late on Jun. 2, it was informed that further investigation was necessary, took the service offline again, and called in security experts.

In a press release issued Sunday, the provincial government said it is working to discover what information was stolen, and how many people were affected.

“Nova Scotians will have questions, and we do, too. Our staff are working hard to figure that out now,” LeBlanc said in the release. “I know this will make some people anxious, at a time when no one needs more anxiety. We will share more information with Nova Scotians as soon as we can.”

MOVEit vendor Progress Software published a security advisory on May 31 about a critical vulnerability that “could lead to escalated privileges and potential unauthorized access to the environment.” It urged users to disable internet traffic to their MOVEit Transfer environments, and to immediately install the security update.

The flaw was originally described as affecting only MOVEit Transfer. MOVEit Cloud was added to the alert on Jun. 4..

TechCrunch reported today that the vulnerability is under active attack and affecting organizations around the world, including British Airways and the BBC, whose payroll support provider, Zellis, uses MOVEit.

Microsoft researchers believe that the Clop ransomware gang is behind the attacks.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Lynn Greiner
Lynn Greiner
Lynn Greiner has been interpreting tech for businesses for over 20 years and has worked in the industry as well as writing about it, giving her a unique perspective into the issues companies face. She has both IT credentials and a business degree.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now