Nova Scotians hit by MOVEit data breach

Nova Scotia’s minister of cyber security and digital solutions, Colton LeBlanc, announced in a press conference yesterday that it is investigating the theft of personal information through a vulnerability in a third-party managed file transfer system. The province was notified of the vulnerability in MOVEit Transfer by the vendor on Jun. 1, and immediately took the system offline to install a security update.

However, late on Jun. 2, it was informed that further investigation was necessary, took the service offline again, and called in security experts.

In a press release issued Sunday, the provincial government said it is working to discover what information was stolen, and how many people were affected.

“Nova Scotians will have questions, and we do, too. Our staff are working hard to figure that out now,” LeBlanc said in the release. “I know this will make some people anxious, at a time when no one needs more anxiety. We will share more information with Nova Scotians as soon as we can.”

MOVEit vendor Progress Software published a security advisory on May 31 about a critical vulnerability that “could lead to escalated privileges and potential unauthorized access to the environment.” It urged users to disable internet traffic to their MOVEit Transfer environments, and to immediately install the security update.

The flaw was originally described as affecting only MOVEit Transfer. MOVEit Cloud was added to the alert on Jun. 4..

TechCrunch reported today that the vulnerability is under active attack and affecting organizations around the world, including British Airways and the BBC, whose payroll support provider, Zellis, uses MOVEit.

Microsoft researchers believe that the Clop ransomware gang is behind the attacks.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Lynn Greiner
Lynn Greiner
Lynn Greiner has been interpreting tech for businesses for over 20 years and has worked in the industry as well as writing about it, giving her a unique perspective into the issues companies face. She has both IT credentials and a business degree

Related Tech News

Featured Tech Jobs

 

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.