Nova Scotia Power Confirms Ransomware Attack and Data Breach Impacting 280,000 Customers

Nova Scotia Power, a major Canadian electric utility, has confirmed it was the victim of a ransomware attack in April 2025 that has impacted hundreds of thousands of customers. While no power outages occurred, the company reports that the attack has disrupted communication between customer power meters and its internal systems, resulting in temporary billing issues and a significant data breach.

Impact on Services

Although power meters continue to accurately collect usage data, the compromised communication has interfered with data transmission to the company’s billing systems. In response:

• Billing was temporarily paused, and has now resumed.

• Most customers are receiving estimated bills until full system functionality is restored.

Despite the disruption, energy services have remained uninterrupted, and customers are still being charged fairly based on historical consumption data.

Scope of the Data Breach

The ransomware attack led to the theft of sensitive customer information, including:

• Full name

• Date of birth

• Email address and phone number

• Mailing address

• Power usage and billing data

• In some cases: driver’s license numbers, Social Insurance Numbers, and bank account details

To date, approximately 280,000 customers have been confirmed affected, out of the company’s 550,000 customer base.

Cross-Border Implications

Although Nova Scotia Power operates exclusively in Canada, its parent company Emera serves 2.6 million customers across North America, including parts of the United States.

As part of the investigation:

• The Maine Attorney General’s Office was notified that 377 Maine residents were affected.

• Former customers are also impacted, not just those currently receiving electricity from the utility.

The total number of U.S.-based individuals affected remains unknown, but notifications are being issued to all impacted parties.

Who's Behind the Attack?

As of now, no known ransomware group has claimed responsibility for the breach. Nova Scotia Power has not disclosed technical details about the incident or the ransom demands, if any. The investigation is ongoing in coordination with cybersecurity experts and law enforcement.

Takeaway

This incident underscores the growing threat of ransomware attacks on critical infrastructure, even when core services like electricity remain operational. The exfiltration of personal data raises concerns not only for customers but also for related entities across borders.

What You Can Do

• Monitor bank accounts and credit reports for suspicious activity.

• Enable fraud alerts with financial institutions if affected.

• Beware of phishing emails pretending to be from Nova Scotia Power.

• Follow official updates on the utility’s website for support and identity protection services.