Nova Scotia Power Suffers Major Data Breach

Uploaded on 2025-05-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

Canadian electric utility Nova Scotia Power (NSP) and its parent company Emera has said that it has recently been hit a significant data security incident that compromised the sensitive personal information of its customers. 

In an immediate response, impacted servers were shut down and isolated to prevent further intrusion, however, the attack caused notable service disruptions, including the shutdown of the utility’s customer service phone line and online portal, vital tools for more than half a million Nova Scotians who rely on the company for power.

“On April 25, we detected unusual activity on our network and immediately initiated our incident response plan. This included taking steps to contain the incident, launching a thorough investigation with the help of external cyber security experts, and working to restore affected systems safely and securely." reads the NSP statement. “While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorised third party”, it said.

NSP has not disclosed any more details of this breach that has forced the company to pause billing and led to the shutdown of its online customer portal, nor has it said what other systems have been hit.

From it’s HQ in Halifax, Canada, NSP it is the primary electricity provider in Nova Scotia province and supplies  over half a million customers. It is privately owned by Emera and regulated by the provincial government via the Nova Scotia Utility and Review Board.

NSP has said it immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to contain the incident, secured the affected systems and notified relevant law enforcement authorities about the same. “While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorised third party,” NSP said. 

While NSP is yet to share the nature of the incident or how much data was compromised, the company said that the incident did not disrupt any of its Canadian physical operations. The incident, however, affected NSP’s billing and its online customer portal MyAccount and the company will rectify any potential for duplicate payments.

So far, no known hacker group claimed responsibility for the cyber attack and so far the electricity provider has not shared details on who they think was behind the attack, how much data was compromised, or whether it has received a ransom demand.

The company has assured its customers to share more details about the incident as the investigation progresses.  

One of the reasons so little information has been released is the company might not know yet exactly what happened, and digital forensics can take a long time. It's also likely those behind the cyber attack are still active in the systems.

NSPower    |   TEISS   |   CBC  |   Economic Times   |   Security Week  

Image: @nspowerinc

You Might Also Read: 

Ransomware Attacks On The Energy Sector Surging:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible


 

« Reimagining Cybersecurity In The Age Of Organised Threats
Biggest Data Breaches Of The Last 15 Years [extract] »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZDL Group

ZDL Group

At ZDL (formerly ZeroDayLab) we take a comprehensive view of our clients cyber security risks and provide quality services to address those risk

SCIS Security

SCIS Security

SCIS Security provides affordable cyber security services and solutions to small to medium sized businesses and homes.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

Technology Law Alliance (TLA)

Technology Law Alliance (TLA)

Technology Law Alliance is a specialist IT law firm focussed on the fields of technology, outsourcing and e-commerce.

Measured Insurance

Measured Insurance

Measured Insurance are bridging the gap between technology and Insurance using AI-Powered analytics that track clients’ exposure in real time to create smarter insurance products.

SecureStack

SecureStack

SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing those developers to become security experts.

Athreon

Athreon

Athreon utilizes a fusion of AI technology, human interpretation, and the latest in cybersecurity to deliver sound business solutions that help our clients make better data-driven decisions.

UK Cyber Security Council (UKCSC)

UK Cyber Security Council (UKCSC)

The role of The UK Cyber Security Council is to champion the cybersecurity profession across the UK, provide representation for the industry, accelerate awareness and promote excellence.

ConnectSecure

ConnectSecure

ConnectSecure (formerly CyberCNS) is a global cybersecurity company that delivers tools to identify and address vulnerabilities and manage compliance requirements.

Mitnick Security

Mitnick Security

Mitnick Security is a leading global provider of information security consulting and training services.

Quantum Star Technologies

Quantum Star Technologies

Quantum Star Technologies has developed Starpoint to be a next-next-generation solution to cyber security threats. Our mission is to secure the online world through our patented technology.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Access Talent Today

Access Talent Today

Access Talent Today is an AI/ML and cyber security talent provider.

DeltaSpike

DeltaSpike

DeltaSpike empowers individuals and organizations worldwide through its comprehensive cybersecurity solutions.

ReformIT

ReformIT

ReformIT is a Managed IT Service and Security provider with many years experience helping companies find the right IT solutions to meet the needs of their businesses.

Neeve

Neeve

Neeve is an edge cloud platform transforming smart buildings and spaces, making them more secure, smarter, and more sustainable.