Nova Scotia Power Suffers Major Data Breach

Uploaded on 2025-05-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

Canadian electric utility Nova Scotia Power (NSP) and its parent company Emera has said that it has recently been hit a significant data security incident that compromised the sensitive personal information of its customers. 

In an immediate response, impacted servers were shut down and isolated to prevent further intrusion, however, the attack caused notable service disruptions, including the shutdown of the utility’s customer service phone line and online portal, vital tools for more than half a million Nova Scotians who rely on the company for power.

“On April 25, we detected unusual activity on our network and immediately initiated our incident response plan. This included taking steps to contain the incident, launching a thorough investigation with the help of external cyber security experts, and working to restore affected systems safely and securely." reads the NSP statement. “While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorised third party”, it said.

NSP has not disclosed any more details of this breach that has forced the company to pause billing and led to the shutdown of its online customer portal, nor has it said what other systems have been hit.

From it’s HQ in Halifax, Canada, NSP it is the primary electricity provider in Nova Scotia province and supplies  over half a million customers. It is privately owned by Emera and regulated by the provincial government via the Nova Scotia Utility and Review Board.

NSP has said it immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to contain the incident, secured the affected systems and notified relevant law enforcement authorities about the same. “While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorised third party,” NSP said. 

While NSP is yet to share the nature of the incident or how much data was compromised, the company said that the incident did not disrupt any of its Canadian physical operations. The incident, however, affected NSP’s billing and its online customer portal MyAccount and the company will rectify any potential for duplicate payments.

So far, no known hacker group claimed responsibility for the cyber attack and so far the electricity provider has not shared details on who they think was behind the attack, how much data was compromised, or whether it has received a ransom demand.

The company has assured its customers to share more details about the incident as the investigation progresses.  

One of the reasons so little information has been released is the company might not know yet exactly what happened, and digital forensics can take a long time. It's also likely those behind the cyber attack are still active in the systems.

NSPower    |   TEISS   |   CBC  |   Economic Times   |   Security Week  

Image: @nspowerinc

You Might Also Read: 

Ransomware Attacks On The Energy Sector Surging:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible


 

« Security First In An AI Era
Biggest Data Breaches Of The Last 15 Years [extract] »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Hogan Lovells

Hogan Lovells

Hogan Lovells is an international business law firm with offices across Europe, Asia and the USA. Practice areas include Privacy & Cybersecurity.

Dcoya

Dcoya

Dcoya's complete security awareness training program gives you out-of-the-box compliance with PCI-DSS, HIPAA, SOX and ISO regulations.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

SoSafe

SoSafe

SoSafe empowers organizations to build a security culture and mitigate risk with its GDPR-compliant awareness programs.

CyberQ Group

CyberQ Group

CyberQ is an award winning cyber security consultancy and services provider and an innovator in Artificial Intelligence and Automated Cyber Security.

Beyond Identity

Beyond Identity

Beyond Identity employs an elegantly simple concept, the personal certificate authority and self signed certificates, to replace passwords.

Sovrin Foundation

Sovrin Foundation

The Sovrin Foundation is a private-sector, international non-profit that was established to govern the world's first self-sovereign identity (SSI) network.

Cipher

Cipher

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of Managed Security Services.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

Global Cybersecurity Association (GCA)

Global Cybersecurity Association (GCA)

GCA’s Symposium and conferences featuring global thought leaders and CISOs provide a global best practice perspective on cybersecurity.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

NVISO Security

NVISO Security

NVISO is a pure-play cyber security consulting firm, focused mainly on the Financial Sector, the Technology Sector, and Government & Critical Infrastructure.

Triskele Labs

Triskele Labs

Triskele Labs deliver services including Penetration Testing, Compliance and Risk Management through to 24*7*365 Security Operations and outsourced Cybersecurity Managers.