The Nunatsiavut Government is advising of a privacy breach of personal and health information that could impact upwards of 7,500 people.

On July 24, it was learned from Advanced Data Systems Ltd. (ADS), which develops and maintains databases of NG information, that someone had hacked into its networks. ADS and NG immediately launched an investigation and found that upwards of 7,500 people’s information might have been accessed by the hacker.

The information on ADS’s networks included:

• Information from the NG membership database, such as the names, addresses, phone numbers, dates of birth and e-mail addresses;

• Information on those who receive assistance with health costs not covered by insurance, such as MCP numbers, and details about medical trips, like who went with them, where they went, what they did, the purpose of their medical appointment and where they stayed, including if they stayed at someone’s home (Non-Insured Health Benefits, or NIHB);

• Information on those who receive assistance for post-secondary education (Post-Secondary Student Support Program, or PSSSP), such as how much money they make, the names and dates of birth of their family members, what school and program they attend or previously attended, student ID numbers, costs of books, living expenses, rent, scholarships and travel, as well as any problems they may have had at school, reports on how they are doing, why they left programs (including if it was for medical reasons) and any mental health or medical issues that affect their schooling. Additionally, the NG has determined that approximately 39 Social Insurance Numbers (SINs) were on the ADS’ network. NG will contact the people whose SIN’s were accessed by the hacker directly. ADS provided an update on the investigation in August, and advised NG that it had negotiated with the hacker for the deletion of all of the accessed data. NG cannot be sure that the hacker really deleted the data and therefore, is letting the public know about what happened. There is no indication that anyone has used the NG data.

NG and ADS say they are doing everything possible to stop this from happening again and will keep working to ensure such information is better protected.

In the meantime, Beneficiaries are encouraged to be vigilant by:

•  Checking personal credit scores;
•  Telling their financial institutions about what happened so that they can watch accounts;
•  Monitoring accounts for anything strange;
•  Changing passwords and making them hard to guess;
•  Using MultiFactor Authentication when possible; and
•  Being careful of e-mail phishing scams (don’t click on links that appear suspicious). Affected individuals who have questions or wanting more information can call the NG at (709) 922- 2942 or (709) 922-2573, Monday to Friday between the hours of 8:30am and 4:30pm ADT. Those who are not satisfied with how NG handled this matter can contact the provincial Office of the Information and Privacy Commissioner (OIPC). The OIPC are responsible for ensuring that the Access to Information and Protection of Privacy Act and the Personal Health Information Act are followed in addition to receiving and investigating complaints related to breaches of information and privacy.