Nova Scotia Power Suffers Major Data Breach

Uploaded on 2025-05-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

Canadian electric utility Nova Scotia Power (NSP) and its parent company Emera has said that it has recently been hit a significant data security incident that compromised the sensitive personal information of its customers. 

In an immediate response, impacted servers were shut down and isolated to prevent further intrusion, however, the attack caused notable service disruptions, including the shutdown of the utility’s customer service phone line and online portal, vital tools for more than half a million Nova Scotians who rely on the company for power.

“On April 25, we detected unusual activity on our network and immediately initiated our incident response plan. This included taking steps to contain the incident, launching a thorough investigation with the help of external cyber security experts, and working to restore affected systems safely and securely." reads the NSP statement. “While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorised third party”, it said.

NSP has not disclosed any more details of this breach that has forced the company to pause billing and led to the shutdown of its online customer portal, nor has it said what other systems have been hit.

From it’s HQ in Halifax, Canada, NSP it is the primary electricity provider in Nova Scotia province and supplies  over half a million customers. It is privately owned by Emera and regulated by the provincial government via the Nova Scotia Utility and Review Board.

NSP has said it immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to contain the incident, secured the affected systems and notified relevant law enforcement authorities about the same. “While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorised third party,” NSP said. 

While NSP is yet to share the nature of the incident or how much data was compromised, the company said that the incident did not disrupt any of its Canadian physical operations. The incident, however, affected NSP’s billing and its online customer portal MyAccount and the company will rectify any potential for duplicate payments.

So far, no known hacker group claimed responsibility for the cyber attack and so far the electricity provider has not shared details on who they think was behind the attack, how much data was compromised, or whether it has received a ransom demand.

The company has assured its customers to share more details about the incident as the investigation progresses.  

One of the reasons so little information has been released is the company might not know yet exactly what happened, and digital forensics can take a long time. It's also likely those behind the cyber attack are still active in the systems.

NSPower    |   TEISS   |   CBC  |   Economic Times   |   Security Week  

Image: @nspowerinc

You Might Also Read: 

Ransomware Attacks On The Energy Sector Surging:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible


 

« Security First In An AI Era
Biggest Data Breaches Of The Last 15 Years [extract] »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

High-Tech Bridge

High-Tech Bridge

High-Tech Bridge SA is a Swiss MSSP provider offering security auditing, source code review and computer forensics.

National Trading Standards eCrime Team (NTSeCT) - United Kingdom

National Trading Standards eCrime Team (NTSeCT) - United Kingdom

The National Trading Standards eCrime Team tackles online consumer scams, rip-offs and fraud, as well as those committed by text or email.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Cyber Senate

Cyber Senate

Cyber Senate is dedicated to bringing Operators of Essential Services together with global subject matter experts to address the challenges of evolving cyber threats to critical infrastructure.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

CompliancePoint

CompliancePoint

We design and implement strategies, processes & procedures to mitigate risk, reach compliance goals, protect data assets, and meet industry standards.

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

Altron

Altron

Altron provides locally relevant innovative and integrated ICT solutions to business, government and consumers.

Key Cyber Solutions

Key Cyber Solutions

Key Cyber is an IT consulting firm that specializes in agile software development services, program management and infrastructure services, cyber security and cloud and managed services.

Trilateral Research

Trilateral Research

Trilateral Research provide regulatory and policy advice; develop new data-driven technologies and contribute to the latest standards in safeguarding privacy, ethics and human rights.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Astute Technology Management

Astute Technology Management

Astute Technology Management helps businesses take control of their technology and work with greater confidence.

FOSSA

FOSSA

FOSSA is a leading SBOM (software bill of materials) and software supply chain risk management platform.

CyFox

CyFox

CYFOX is at the forefront of cybersecurity innovation, specializing in providing cutting-edge AI-driven solutions tailored for any businesses.

BeckTek

BeckTek

BeckTek specialize in IT Cyber Security & Support, helping clients run their businesses faster, easier and more profitably.

Axiler

Axiler

Axiler’s AI-driven self-healing architecture seamlessly detect, patch, and neutralize threats in real-time, ensuring systems remain secure and ever-adaptable.