Most provinces and territories are not reporting similar data breaches to the one in Nova Scotia after the government there confirmed that a hack involving a third-party file transfer service might affect thousands of people.
CTVNews.ca reached out to provincial and territorial information and privacy offices after the Nova Scotia government reported on June 4 that it is investigating the theft of personal information stolen through a global privacy breach of the software company MOVEit.
Nova Scotia Cybersecurity Minister Colton LeBlanc said on June 6 that as many as 100,000 people in the province had their personal data stolen, such as social insurance numbers, addresses and banking information.
On Wednesday, the province confirmed that it had identified thousands more victims.
Most of the other provincial and territorial information and privacy offices in the country confirmed to CTVNews.ca by email over the last couple of weeks that they are not aware of similar breaches involving the MOVEit system.
Nunavut’s office said that while the territory’s privacy law only applies to the territorial government, it had received no notification from any public body about a data breach involving MOVEit as of June 4.
On June 5, the offices in Yukon, P.E.I., Saskatchewan and Newfoundland and Labrador said they were not aware, or had not received any reports, of a similar situation happening in their provinces or territories.
Thousands of people in Newfoundland and Labrador were victims of a cyberattack affecting the province’s health-care system in 2021.
Alberta’s information and privacy office said it is aware of at least one privacy sector organization that is possibly affected by an incident involving MOVEit.
“We are not in a position to provide further details at this time, however,” the office said.
Under the province’s public sector privacy law, the office said there are no requirements to report breaches.
“We do, however, encourage public bodies to report breaches to our office,” it added.
On June 6, the office for British Columbia said under the provincial privacy act, it is unable to provide information confirming whether it has a file on the MOVEit matter, the one exception being when a public body or organization publicly states that it has reported a breach to the office.
The office says that as of Feb. 1, public bodies are required to notify anyone, and report to the office, of privacy breaches “that could be expected to result in significant harm.”
The offices in Quebec and Ontario said they have not received any privacy breaches involving public bodies.
On Wednesday, the office in New Brunswick said it is “not in a position to comment on this matter.”
The Manitoba Ombudsman’s media line did not respond to an email sent by CTVNews.ca.
With files from The Canadian Press
More Stories
Satellite built by N.B. students not responding a week after entering Earth’s orbit | Globalnews.ca
Cisco reveals security breach, warns of state-sponsored spy campaign
Ingenuity Mars Helicopter down but definitely not out | CBC Radio