// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Government of Nova Scotia
Breach Record

Government of Nova Scotia

DISCLOSED 2023-06-06 · UNPATCHED CVE

The Government of Nova Scotia confirmed that personal information of employees from Nova Scotia Health, IWK Health Centre, and the public service was stolen in the global MOVEit cybersecurity breach. The investigation indicates that social insurance numbers were among the data accessed. The breach is part of the wider exploitation of a zero-day vulnerability in MOVEit...

The record

What we know

Disclosed
2023-06-06
Attack vector
Unpatched Cve
Sector
Government
Country
Canada
Domain
novascotia.ca
Data classes exposed
social insurance numbers
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

The breach involved a zero-day in MOVEit Transfer, a file transfer application, not an endpoint. A positive-security model on endpoints would not have prevented exploitation of the server application.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other unpatched cve breaches on file

This page is the permanent ColdRecon entry for the Government of Nova Scotia disclosure. It updates if new public reporting emerges. All tracked breaches →

Government of Nova Scotia just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →