It isn’t often that you hear the words “breach,” “privacy,” and “moose” in the same sentence, but thanks to the province of Nova Scotia, that just changed. The maritime province on Canada’s East Coast was dealing with the publicity fallout from an information leak this week after reportedly mismanaging the distribution of personal license information to hunters.
Each year, Nova Scotia Lands and Forestry holds a lottery to distribute moose-hunting licenses in the Cape Breton region. Restricting licenses is important to preserve the moose population, which has declined of late.
According to the CBC, the government department distributed licenses to the winners. The problem was that they were the wrong licenses. Hopeful hunters received other peoples’ names and wildlife resource card numbers in the mail.
The government used to publish the names of the winners in the local newspaper, but stopped doing that. Some hunters believe that was because lottery winners would be pestered by outfitters hoping to sell them equipment. The information, if distributed to the wrong people, would enable them to purchase licenses for hunting other animals illegally.
A government official said that the botched mailing was down to human error. Letters to hunters were printed separately from envelopes, and staff didn’t realize that the letters contained information specific to individuals. The government is recalling information packs that it sent out and mailing new ones.
This may be a low-level breach, but it is the latest in a series of slip-ups by the Nova Scotia government that had more serious ramifications. In May, it removed online documents involving appeals to its Workers’ Compensation Board that included personal details about peoples’ health, medications, and family.
Last year, the Nova Scotia Health Authority had to notify almost 3,000 people about a breach of their health information after a successful phishing attack on an employee. The province was also the recipient of the Electronic Frontier Foundation’s 2019 What the Swat? Award after it arrested a teenager for downloading 7,000 sensitive documents from publicly accessible URLs on its website. It later dropped the charges.
Source: Infosecurity Magazine