[BreachExchange] Moose Remain Unaware of Lottery Privacy Breach

Tue Jul 7 09:44:35 EDT 2020

https://www.infosecurity-magazine.com/news/moose-unaware-lottery-privacy/

The maritime province on Canada’s East Coast was dealing with the
publicity fallout from an information leak this week after reportedly
mismanaging the distribution of personal license information to
hunters.

Each year, Nova Scotia Lands and Forestry holds a lottery to
distribute moose-hunting licenses in the Cape Breton region.
Restricting licenses is important to preserve the moose population,
which has declined of late.

According to the CBC, the government department distributed licenses
to the winners. The problem was that they were the wrong licenses.
Hopeful hunters received other peoples’ names and wildlife resource
card numbers in the mail.

The government used to publish the names of the winners in the local
newspaper, but stopped doing that. Some hunters believe that was
because lottery winners would be pestered by outfitters hoping to sell
them equipment. The information, if distributed to the wrong people,
would enable them to purchase licenses for hunting other animals
illegally.

A government official said that the botched mailing was down to human
error. Letters to hunters were printed separately from envelopes, and
staff didn’t realize that the letters contained information specific
to individuals. The government is recalling information packs that it
sent out and mailing new ones.

This may be a low-level breach, but it is the latest in a series of
slip-ups by the Nova Scotia government that had more serious
ramifications. In May, it removed online documents involving appeals
to its Workers’ Compensation Board that included personal details
about peoples’ health, medications, and family.

Last year, the Nova Scotia Health Authority had to notify almost 3000
people about a breach of health information after a successful
phishing attack on an employee. The province was also the recipient of
the Electronic Frontier Foundation's 2019 What the Swat? Award after
it arrested a teenager for downloading 7000 sensitive documents from
publicly accessible URLs on its website. It later dropped the charges.