Politicians are demanding action following the Nova Scotia Power ransomware attack, with the Liberals calling for an emergency meeting with the utility’s executives.
Interim Liberal Leader Derek Mombourquette said Thursday the matter is an urgent one considering the personal information of 280,000 customers has been compromised.
Mombourquette said Nova Scotians deserve answers and the utility’s executives should appear before the all-party public accounts committee to provide them.
“This is an opportunity for Nova Scotia Power to speak publicly on what took place and explain to Nova Scotians — as [Nova Scotia Power] asks for more money on their rates — what happened,” Mombourquette told reporters in Halifax.
Nova Scotia Power announced the security breach in late April and confirmed last week it was the victim of a ransomware attack and that hackers who stole data published it on the dark web.
The roughly 280,000 customers it has sent letters to warning about the attack represents more than half of the utility’s customers in the province.
The president of Nova Scotia Power said no ransom has been paid and the utility is working with cybersecurity experts as it investigates the situation.
In a letter to the chair of public accounts, Mombourquette requested that Nova Scotia Power leadership appear before the committee for an examination into what he has described as “one of the most significant privacy breaches in Nova Scotia’s history.”
NDP Leader Claudia Chender said the cyber attack is “scary” and another reminder people need to take steps to protect their personal information.
She is in favour of a comprehensive examination of what happened.
“We absolutely support a deeper probe from government into how this happened, how it is being dealt with, and making sure it never happens again,” Chender said.
The chair of the committee, NDP MLA Susan Leblanc, agreed the matter is urgent “and deserves discussion.”
Committee members are now being asked to vote on whether to try to schedule a meeting for next week. It needs to be unanimous for that to happen.
Stolen social security numbers
Nova Scotia Power’s CEO said Thursday up to 140,000 social insurance numbers could have been stolen in the attack.
Peter Gregg told The Canadian Press that the privately owned utility collected the numbers from customers to authenticate their identities. He said social insurance numbers were in about half of the 280,000 customer records breached by cyber-criminals and released onto the dark web.
Cybersecurity expert Claudiu Popa said it’s worth asking why the company would need this kind of personal information. The founder of the non-profit group KnowledgeFlow said there are less risky ways of identifying customers.
The federal government’s website says each nine-digit number represents a unique identifier for work applications and government records, and it advises people not to share the number unless it’s legally required.
Thieves can use the number to commit fraud, such as illegally accessing government benefits and tax refunds.
Nova Scotia Cyber Security Minister Jill Balser is encouraging those who received alerts from Nova Scotia Power to sign up for the credit monitoring service and do things like change passwords to their accounts.
Balser said Thursday resources and help are also available from her department.
“I want us to be a place where Nova Scotians can get that support,” Balser said.
