Pin It
Favourite

Monday, April 30, 2018

11 more security failures discovered in Freedom of Information database

Additional leaks from March were discovered two weeks ago by the province.

Posted By on Mon, Apr 30, 2018 at 5:46 PM

click to enlarge Once more unto the breach, dear friends. - VIA ISTOCK, PROBABLY
  • VIA ISTOCK, PROBABLY
  • Once more unto the breach, dear friends.

In addition to a Halifax teenager's computer, eleven other IP addresses downloaded 900 public-facing documents containing private information from the province's Freedom of Information web portal this past March.

The additional leaks were disclosed Monday as part of an overall update on the FOI privacy nightmare that's engulfing the department of Internal Services.

The Freedom of Information and Protection of Privacy (FOIPOP) website has been offline since early April when a government employee accidentally discovered an obvious security flaw that allowed for the easy access of personal files simply by altering numbers in URLs.

It was an oversite that allowed a 19-year-old man in Halifax to download 7,000 documents between March 3 and 5. The teenager, who has told the media he was only conducting research on what he thought were public documents, is awaiting a day in court on a charge of unauthorized computer use.

The province says this latest round of data leaks contain 900 documents downloaded by 11 different IP addresses from late February to early April. All of the files were part of the same 7,000 documents already accidentally released.

The 11 additional IP addresses—all from Nova Scotia—have also been forwarded to Halifax Regional Police to investigate.

The news was met with harsh words from opposition critics.

Interim Progressive Conservative leader Karla MacFarlane says the latest breach proves the Liberal government can’t be trusted to keep personal data safe.

“The Liberals left the portal wide open. They used full force to arrest a 19-year-old kid but now they must be left scratching their heads,” she says in a written statement. “This is pure incompetence.”

Dave Wilson, NDP Internal Services critic, says in an emailed statement that the province shouldn’t be surprised the data was accessed multiple times given its weak security.

“Premier McNeil and his government need to acknowledge the system in place wasn’t good enough and tell people what is being done moving forward to protect private information.”

Provincial spokesperson Brian Taylor says the extra abnormal activity was flagged by vendor Unisys and confirmed by Internal Services staff two weeks ago on April 17.

The 53 people impacted by these latest security failures would have already received a letter informing them that their information was put at risk in the prior breach. Nevertheless, another round of letters will be sent out.

The province’s privacy commissioner and auditor general are both working on parallel investigations into the FOIPOP mess, while IT staff and Unisys work get the website back online—and finally secured.

Tags: , , ,

Survey Asks

Who’s Nova Scotia’s worst tin-pot Doug Ford knockoff?

  • Matt Whitman
  • John Lohr
  • Hannah Dawson-Murphy
  • Elizabeth Smith-McCrossin
  • Tristan Flynn
  • Some other “personality” (suggest names in the comments)

View Results

Comments

Subscribe to this thread:

Add a comment

Remember, it's entirely possible to disagree without spiralling into a thread of negativity and personal attacks. We have the right to remove (and you have the right to report) any comments that go against our policy.

Coast Top Ten

Reality Bites

More »

Shoptalk

More »

In Print This Week

Vol 26, No 17
September 20, 2018

Cover Gallery »


Real Time Web Analytics

© 2018 Coast Publishing Ltd.