Nova Scotia Power Confirms Data Breach

Nova Scotia Power, one of Canada’s largest utility providers, has confirmed it suffered a significant data breach following a cyberattack discovered last month.

The Halifax-based company, a subsidiary of Emera Inc., revealed that threat actors gained unauthorized access to portions of its network and servers supporting business operations. While electricity generation and distribution remained unaffected, internal systems faced disruption due to the incident response.

The breach was initially detected on April 28, but further investigation revealed the intrusion began over a month earlier — on March 19. On May 1, the company determined that sensitive customer data had likely been stolen. That finding was confirmed in an update issued yesterday.

What was exposed in Breach

• Full names

• Phone numbers

• Email addresses

• Mailing and service addresses

• Program participation details

• Dates of birth

• Customer account histories, including power consumption, billing, payments, credit info, and correspondence

• Driver’s license numbers

• Social Insurance Numbers

• Bank account numbers (in some cases)

The utility serves over 500,000 customers across Nova Scotia and maintains 95% of the provincial electricity market. It delivers more than 10,000 GWh of energy annually via a 32,000-kilometer (20,000-mile) grid.

Impacted customers began receiving notification letters by mail this week. Nova Scotia Power says there’s no evidence the data has been misused but is offering two years of free credit monitoring and support services.

No ransomware group has claimed responsibility for the breach as of now.

Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news