11 more security failures discovered in Freedom of Information database

Additional leaks from March were discovered two weeks ago by the province.

click to enlarge 11 more security failures discovered in Freedom of Information database
Once more unto the breach, dear friends.

In addition to a Halifax teenager's computer, eleven other IP addresses downloaded 900 public-facing documents containing private information from the province's Freedom of Information web portal this past March.

The additional leaks were disclosed Monday as part of an overall update on the FOI privacy nightmare that's engulfing the department of Internal Services.

The Freedom of Information and Protection of Privacy (FOIPOP) website has been offline since early April when a government employee accidentally discovered an obvious security flaw that allowed for the easy access of personal files simply by altering numbers in URLs.

It was an oversite that allowed a 19-year-old man in Halifax to download 7,000 documents between March 3 and 5. The teenager, who has told the media he was only conducting research on what he thought were public documents, is awaiting a day in court on a charge of unauthorized computer use.

The province says this latest round of data leaks contain 900 documents downloaded by 11 different IP addresses from late February to early April. All of the files were part of the same 7,000 documents already accidentally released.

The 11 additional IP addresses—all from Nova Scotia—have also been forwarded to Halifax Regional Police to investigate.

The news was met with harsh words from opposition critics.

Interim Progressive Conservative leader Karla MacFarlane says the latest breach proves the Liberal government can’t be trusted to keep personal data safe.

“The Liberals left the portal wide open. They used full force to arrest a 19-year-old kid but now they must be left scratching their heads,” she says in a written statement. “This is pure incompetence.”

Dave Wilson, NDP Internal Services critic, says in an emailed statement that the province shouldn’t be surprised the data was accessed multiple times given its weak security.

“Premier McNeil and his government need to acknowledge the system in place wasn’t good enough and tell people what is being done moving forward to protect private information.”

Provincial spokesperson Brian Taylor says the extra abnormal activity was flagged by vendor Unisys and confirmed by Internal Services staff two weeks ago on April 17.

The 53 people impacted by these latest security failures would have already received a letter informing them that their information was put at risk in the prior breach. Nevertheless, another round of letters will be sent out.

The province’s privacy commissioner and auditor general are both working on parallel investigations into the FOIPOP mess, while IT staff and Unisys work get the website back online—and finally secured.

About The Author

Support The Coast

At a time when the city needs local coverage more than ever, we’re asking for your help to support independent journalism. We are committed as always to providing free access to readers, particularly as we confront the impact of COVID-19 in Halifax and beyond.

Read more about the work we do here, or consider making a donation. Thank you for your support!

Comments (0)

Add a comment

Add a Comment

Get more Halifax

The Coast Daily email newsletter is your extra dose of the city Monday through Friday. Sign up and go deep on Halifax.

Recent Comments

  • Re: Why Schmidtville matters

    • Agree 100%! It's amazing what you and the group have accomplished for the protection and…

      Posted by: Donna Brinson on Aug 4, 2022

  • Re: The politics of imagination

    • Really enjoyed this article, thanks for sharing. Evidence of the difficulty of pulling past what…

      Posted by: Bloctopods on Aug 4, 2022

  • Re: Over 150 years of absolute bullshit

    • It is a fool’s game to dissect the past looking for indiscretions, behaviours and events…

      Posted by: Steve Kravcik on Jul 31, 2022