Where could information stolen in the N.L. cyberattack go? A data privacy expert weighs in

With confirmation from government officials that data was taken from Newfoundland and Labrador's regional health authorities in last month's cyberattack, a data privacy consultant provides some insight on where the data could go.

The kind of data stolen could quickly lead to identity theft, says David Morgan

CBC News Posted: Nov 19, 2021 4:30 PM EST | Last Updated: November 20, 2021

A silhouetted man hunched over a computer with data illuminated in the background. — Data has been confirmed to have been stolen in the cyberattack affecting Newfoundland and Labrador's healthcare system. (Kacper Pempel/Reuters)

St. John's privacy consultant DavidMorgan told CBC News earlier this week that criminal organizations often use the dark web to look for "good data": data that can be used to apply for things like loans and credit cards.

"In some cases, there may be small pockets of data that are purchased by smaller outfits and that sort of thing. But it's typically an organized crime," he said.

Morgan said he is particularly worried for health authority employees; earlier this month, Health Minister John Haggie said all current and former employeesof Eastern Healththe last 14 years, Central Health in the last 13 years and Labrador-Grenfell Health in the last nine years should assume their data has beenstolen.

"It's pretty clear now at this point that this is a pretty serious situation that we're facing in the province," said Morgan.

Haggie and Justice Minister John Hogansay their biggest concern for the stolen data is the potential foridentity theft as hackers or organized crime groups could use the stolen data to steal someone's identity.

Officials confirm patient data stolen in N.L. cyberattack

N.L. government doesn't know who might have patient and employee data hit by cyberattack

"With this recent theft from the regional health authorities, they've got some very current, good data. Social insurance numbers and that sort of thing," he said.

"If you have a social insurance number, date of birth, that's a really good starting point. Somebody's name, middle name, if you throw in a mother's maiden name, that's some really good data on which to start a fake identity."

St. John's data privacy consultant David Morgan said the cyberattack is an extremely serious problem for Newfoundland and Labrador. (CBC)

Morgan said people who fear theirdata has been stolen should take advantage of the services the provincial government is offering.

"I think they really need to take advantage of the offering of the credit monitoring that the RHAs and the government have put to them. It seems like a bit of a hassle but take advantage of it," Morgan said.

Privacy commissioner promises investigation into N.L. cyberattack

He said people should also practise proper Internet safety, such as frequently changing passwords andwatching out for suspicious calls and emails that could further target someone whose information was taken in the data breach.

With files from Anthony Germain

CBC's Journalistic Standards and Practices|About CBC News

Corrections and clarifications|Submit a news tip|

Sign Up

Where could information stolen in the N.L. cyberattack go? A data privacy expert weighs in

The kind of data stolen could quickly lead to identity theft, says David Morgan

Related Stories