- Cyber Syrup
- Posts
- Nova Scotia Power Confirms Ransomware Attack, Customer Data Compromised
Nova Scotia Power Confirms Ransomware Attack, Customer Data Compromised
Canadian electric utility Nova Scotia Power has confirmed that a ransomware attack was responsible for a data breach
In partnership with
CYBER SYRUP
Delivering the sweetest insights on cybersecurity.
You’ve never experienced business news like this
Morning Brew delivers business news the way busy professionals want it — quick, clear, and written like a human.
No jargon. No endless paragraphs. Just the day’s most important stories, with a dash of personality that makes them surprisingly fun to read.
No matter your industry, Morning Brew’s daily email keeps you up to speed on the news shaping your career and life—in a way you’ll actually enjoy.
Best part? It’s 100% free. Sign up in 15 seconds, and if you end up missing the long, drawn-out articles of traditional business media, you can always go back.
Nova Scotia Power Confirms Ransomware Attack, Customer Data Compromised
Canadian electric utility Nova Scotia Power has confirmed that a ransomware attack was responsible for a data breach initially disclosed in late April. The company, a subsidiary of Emera Inc., revealed that personal information belonging to hundreds of thousands of customers was stolen by attackers, although power services were not disrupted.
Timeline of the Incident
April 28, 2025: Nova Scotia Power and Emera disclosed that their systems had been targeted in a cyber incident.
May 1, 2025: It was confirmed that some customer data had been accessed by threat actors.
May 14, 2025: The company notified customers that extensive personal information had been compromised.
May 23, 2025: Nova Scotia Power publicly confirmed that the breach was part of a sophisticated ransomware attack.
Data Compromised
The breach affected approximately 280,000 customers out of Nova Scotia Power's 550,000-customer base. The stolen data includes:
Full names
Dates of birth
Phone numbers
Email addresses
Mailing and service addresses
Power consumption data
Service request history
Billing, payment, and credit records
Driver’s license numbers
Social Insurance Numbers (SINs)
Bank account details used for pre-authorized payments
Such detailed personal and financial information poses a significant risk of identity theft and financial fraud for affected individuals.
Company Response and Ongoing Investigation
In its most recent update, Nova Scotia Power confirmed that no ransom payment was made to the threat actors, citing sanctions laws and law enforcement guidance as guiding factors.
“No payment has been made to the threat actor,” the utility stated. “This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance.”
Additionally, the company acknowledged that stolen data has been published online, although the specific platform or ransomware group responsible has not yet been identified.
Nova Scotia Power is currently working with cybersecurity experts to assess the full scope of the breach. At the time of writing, no known ransomware group has claimed responsibility on their leak sites, a common tactic used to pressure victims into paying.
Service Impact and Critical Infrastructure
Despite the significant data breach, the company confirmed that electricity generation, transmission, and distribution services were not affected. This aligns with broader concerns in the cybersecurity community about the resilience of critical infrastructure amid growing cyber threats.
Power grids have been a recurring target for state-sponsored threat actors and financially motivated ransomware groups. Vulnerabilities in industrial control systems and IT/OT convergence make utilities like Nova Scotia Power attractive targets for both espionage and disruption campaigns.
Broader Implications for Critical Infrastructure Security
This incident underscores the increasingly blurred lines between cyberattacks that target information systems and those that could potentially impact operational technology (OT) in critical infrastructure sectors. Although this attack was limited to customer data, it reveals how threat actors are exploiting trusted utility providers for both financial gain and potential strategic advantage.
The use of ransomware—where data is not only encrypted but also exfiltrated—has become a prevalent tactic. Victims are often double extorted, with attackers threatening to leak stolen data even if the ransom is not paid.
Next Steps for Affected Customers
Nova Scotia Power has stated it is actively notifying affected individuals. Customers are advised to:
Monitor credit reports and financial accounts for unusual activity
Consider placing a fraud alert or credit freeze with major credit bureaus
Be vigilant for phishing emails and phone scams using stolen personal information
Update online passwords, especially if similar credentials were used for their utility accounts
Conclusion
The Nova Scotia Power ransomware incident serves as a stark reminder that critical infrastructure providers are prime targets for cybercriminals. While the power grid itself remained unaffected, the exposure of sensitive personal and financial data highlights the broader risk landscape facing essential services.
As investigations continue, collaboration between utility companies, cybersecurity experts, and law enforcement will be vital in mitigating further risks and ensuring affected individuals are supported.