Cyber criminals access payroll data transferred between departments
At least 100,000 workers in Nova Scotia were impacted by cybertheft last week, with cybercriminals taking sensitive worker information.
"100,000 people, 100,000 Nova Scotians being employees, current or past employees of Nova Scotia Health, the IWK, as well as the provincial civil service, have been impacted," Colton LeBlanc, Nova Scotia's minister of cyber security and digital service, said in a virtual briefing, according to a CBC report.
"We still have more work to do and as that work unfolds, that number could go up or it could go down."
"Cybercriminals" made off with payroll data that was transferred between departments, including banking details, home addresses and social insurance numbers, according to the CBC report.
They exploited a weakness in the MOVEit managed file transfer software, according to the report. Nova Scotia said it acted as soon as it was notified of a possible vulnerability in the MOVEit service on June 1, but the software patch to plug the digital hole was applied after the data was taken, Natasha Clarke, deputy minister of cyber security and digital service, said in the CBC report.
"Our investigation showed that the stolen data that took place the two days prior to us being notified that there was a vulnerability. So once we put the patching in place, there was no more nefarious activity that we were able to see as a part of our investigation."
Previously, Abnormal Security revealed that there had been an 81% increase in business email compromise (BEC) attacks between the first and the second half of 2022. Employees opened nearly 28% of received attacks between July and December 2022, with an average of 15% of these emails responded to. Only 2.1% of all known BEC attacks are reported to their employers.
Global cybersecurity issue
On Sunday, LeBlanc first alerted the public to a "global cybersecurity issue" that resulted in the theft of personal information. He did not disclose what specific information was stolen.
Numerous employers have come out to say they have also been impacted. The BBC, British Airways, Aer Lingus and Boots are among the companies whose staff have been affected by the MOVEit data breach. Staff have been warned that personal data, including national insurance numbers and in some cases bank details, may have been stolen, the BBC reported.
Over seven in 10 (71%) executives believe that their company's next cybersecurity breach will likely be because of an internal staff error, according to a previous report from EisnerAmper's Outsourced IT Services.
Meanwhile, the Canadian government is still looking into the situation.
"That investigation is ongoing," said Clarke. "I think the approach we're taking here is not letting perfect be the enemy of good. What's important is we want to be confident, come out with good information and be as transparent to Nova Scotians knowing that we don't have all of the answers."
What to do?
More organizations are expected to issue staff warnings, as the extent of the breach is discovered, according to Joe Tidy, cyber correspondent at BBC.
“The criminals thought to be responsible for the MOVEit hack are notoriously ruthless with their extortion techniques,” he said.
He shared the following tips, which employers can also share with workers who have been impacted by the cybertheft:
- Don’t pay
- Look out for suspicious emails and phone calls - particularly ones about the hack
- Don’t log in
“The MOVEit breach is likely to become more serious as other companies discover they have been hacked - but, experts say, data stolen in previous hacks has been published in an obscure corner of the dark web, with little consequence to individuals.”
In January, employees of the Huron-Superior Catholic District School Board in Ontario may have had their personal information compromised due to a cyber attack.