CBC News in Canada reports:
Halifax police have detained a person after a breach of the Nova Scotia government’s freedom-of-information website that included access to personal information.
More than 7,000 documents were accessed. About four per cent were determined to have “highly sensitive personal information,” according to government officials. They said the number of Nova Scotians affected is “in the thousands.”
“This is not great news,” Internal Services Minister Patricia Arab said Wednesday.
Sensitive information accessed includes birth dates, social insurance numbers, addresses and government-services client information. Credit card information was not accessed during the breach, according to the government.
Read more on CBC News. This appears to be a case where someone exploited a vulnerability, but I imagine we’ll learn more in due course.
The Office of the Information and Privacy Commissioner of Nova Scotia issued a press statement today:
HALIFAX – Information and Privacy Commissioner Catherine Tully has launched an investigation into the recently announced breach of the government’s access to information web portal.
This investigation will examine whether the Department of Internal Services was in compliance with Nova Scotia’s Freedom of Information and Protection of Privacy Act. The investigation will focus in particular on the adequacy of the security of the system.
When the investigation is complete, a public report will be published online at www.foipop.ns.ca. As this is an active investigation, no additional details are available at this time.