Exploit: Accidental data exposure
Workers’ Compensation Board of Nova Scotia: Province-level workplace safety organization
Risk to Small Business: 2.027 = Severe
An employee inadvertently posted unredacted claims online, exposing personal information from several compensation claims made to the board. The organization was notified of the privacy breach by the media and removed the documents from the internet. However, the information was readily available online, making it unclear who could have accessed this information and what they will do with the data. This isn’t the organization’s first data privacy breach, making its inability to guard against a data breach especially problematic.
Individual Risk: 2.201 = Severe
The breach exposed the names, personal information, and case details for an unknown number of claimants. Since these filings often include information that could be embarrassing or problematic if exposed to the public, and the information could be used in future fraud attempts. Those affected should carefully monitor their accounts for unusual or suspicious communications.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Insider threats frequently pose a risk to data security. Both accidental and malicious data misuse can have steep consequences for companies and consumers, making internal data management standards an essential component of your cybersecurity strategy. The Workers’ Compensation Board has promised to update their practices to eliminate this threat in the future, and organizations should learn from their mistakes by guarding against insider threats before an incident occurs.