Nova Scotia Power, the largest electricity provider in the province, confirmed on Friday, May 23, 2025, that it has been the victim of a sophisticated ransomware attack.
The breach, first detected on April 25, was later traced back to March 19, when threat actors gained unauthorized access to segments of the company’s Canadian network and servers supporting business applications.
The attack disrupted key IT systems, including the billing and payment platforms, MyAccount customer portal, and online outage reporting service, though electricity generation and delivery were not affected.
The hackers exfiltrated sensitive customer data and subsequently published it online after Nova Scotia Power refused to pay the ransom, citing compliance with sanctions laws and law enforcement guidance.
Technical Terms and Codes
- Ransomware: A type of malicious software that encrypts a victim’s files and demands payment for the decryption key.
- Exfiltration: The unauthorized transfer of data from a system.
- Dark Web: An encrypted part of the internet used for anonymous communication, often associated with illegal activities.
- Sanctions Compliance: Adhering to legal restrictions on payments to certain entities or countries, often due to government-imposed sanctions.
Data Compromised: What Was Stolen?
Investigations revealed that approximately 280,000 customers out of Nova Scotia Power’s 550,000 had their personal information compromised.
The stolen data includes:
- Full names
- Phone numbers
- Email addresses
- Mailing and service addresses
- Date of birth
- Customer account history (including power consumption, service requests, billing, payment, and credit history)
- Driver’s license numbers
- Social insurance numbers (SIN)
- Bank account numbers (for those on autopay)
The following table summarizes the types of data affected:
| Data Type | Description | Potential Risk |
|---|---|---|
| Name, DOB, Contact | Basic identification and communication info | Identity theft, phishing |
| Address | Mailing and service locations | Targeted scams |
| Account History | Usage, billing, payment, credit info | Fraud, social engineering |
| Driver’s License, SIN | Government-issued identifiers | Identity fraud |
| Bank Account Numbers | For autopay customers | Financial theft |
Response, Customer Support, and Security Lessons
Nova Scotia Power has taken several steps in response to the breach:
- No Ransom Paid: The company made no payment to the attackers, in line with legal and law enforcement advice.
- Customer Notification: Impacted customers have been notified by mail, with details on resources and support.
- Credit Monitoring: All affected individuals are offered a free two-year subscription to TransUnion’s myTrueIdentity® credit monitoring service.
- System Restoration and Hardening: The utility is working with third-party cybersecurity experts to restore affected systems and bolster security defenses.
Security Recommendations for Customers
Nova Scotia Power urges customers to:
- Enroll in the offered credit monitoring service.
- Remain vigilant against unsolicited communications, especially those requesting personal information or containing suspicious links.
- Avoid clicking on unknown links or downloading attachments unless verified as legitimate.
Industry Implications
Experts warn that the incident is a “canary in the coal mine” for the utility sector, highlighting the vulnerability of critical infrastructure to ransomware and the importance of proactive cybersecurity measures.
The breach underscores the need for robust incident response plans, regular security audits, and compliance with evolving regulatory requirements.
As investigations continue, Nova Scotia Power’s experience serves as a critical lesson for utilities and businesses managing sensitive data in an era of escalating cyber threats.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
