HALIFAX – The person responsible for the Nova Scotia government’s cybersecurity is taking the media to task for ‘sensationalizing’ its recent reporting involving a provincial data security breach that has resulted in criminal charges.
Robert Samuel, Chief Information Security Officer with the province, took to his LinkedIn page Sunday to share an article about the recent breach of Nova Scotia’s Freedom of Information portal, a piece he deemed the “first written about this incident without dogmatism or unfounded bias.”
“As you contemplate incidents and breaches across the world, heed these assumptions,” Samuel continues, leaving a list: “You may not have all off the facts; the media sensationalize information to increase readership; determining attribution is one piece of the puzzle, determining intent is another.”
He finishes the post asking those who would like to “responsibly report potential security bugs in any Nova Scotia public facing services,” to message him and work with business owners to mitigate risk.
Samuel did not respond to a request for comment from News 95.7 in connection to the post, how the media has sensationalized the reporting or what information the public doesn’t have about the case.
The post was taken down within hours of that request being made on Monday.
The Department of Internal Services also did not respond to a request for comment about the post.
According to Samuel’s LinkedIn page, he’s been in the province’s CISO position since 2016, noting in his job description he is “accountable for the establishment, implementation and maintenance” of the province’s cybersecurity program and services.
No public comments have been made from IT officials or the government on how the breach involving roughly 7,000 documents with personal information happened or concrete plans to fix existing flaws.
He faces one charge of unauthorized use of a computer, which carries a maximum sentence of ten years, but recently told the CBC he had no malicious intent when he downloaded information from the site for research purposes. He said he actually discovered the information through a typing error.
The government initially said the suspect had stolen the files but have since softened that stance and have said police will determine what happened, shifting its focus to fixing flaws within the website.
The province’s notification of those affected by the breach has also come under scrutiny, as while it was revealed earlier this month, the breach actually happened a month earlier, between Mar. 3 and 5.
Police have been tight-lipped surrounding details of the case but Supt. Jim Perrin said in a news conference last week that police have yet to provide a sworn information in court and that "when the investigation is concluded we'll probably have more to say about it."
Auditor General Michael Pickup’s office also confirmed Monday he has been asked to help with work on the breach, which is on top of an investigation underway by privacy commissioner Catherine Tully.
In a letter to Pickup that requests his help, Internal Services Minister Patricia Arab notes the government will work with both offices throughout the course of their ongoing probes and share any information deemed “appropriate.”
The portal remained down as of Monday evening.