Nova Scotia Power Suffers Major Data Breach

Uploaded on 2025-05-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

Canadian electric utility Nova Scotia Power (NSP) and its parent company Emera has said that it has recently been hit a significant data security incident that compromised the sensitive personal information of its customers. 

In an immediate response, impacted servers were shut down and isolated to prevent further intrusion, however, the attack caused notable service disruptions, including the shutdown of the utility’s customer service phone line and online portal, vital tools for more than half a million Nova Scotians who rely on the company for power.

“On April 25, we detected unusual activity on our network and immediately initiated our incident response plan. This included taking steps to contain the incident, launching a thorough investigation with the help of external cyber security experts, and working to restore affected systems safely and securely." reads the NSP statement. “While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorised third party”, it said.

NSP has not disclosed any more details of this breach that has forced the company to pause billing and led to the shutdown of its online customer portal, nor has it said what other systems have been hit.

From it’s HQ in Halifax, Canada, NSP it is the primary electricity provider in Nova Scotia province and supplies  over half a million customers. It is privately owned by Emera and regulated by the provincial government via the Nova Scotia Utility and Review Board.

NSP has said it immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to contain the incident, secured the affected systems and notified relevant law enforcement authorities about the same. “While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorised third party,” NSP said. 

While NSP is yet to share the nature of the incident or how much data was compromised, the company said that the incident did not disrupt any of its Canadian physical operations. The incident, however, affected NSP’s billing and its online customer portal MyAccount and the company will rectify any potential for duplicate payments.

So far, no known hacker group claimed responsibility for the cyber attack and so far the electricity provider has not shared details on who they think was behind the attack, how much data was compromised, or whether it has received a ransom demand.

The company has assured its customers to share more details about the incident as the investigation progresses.  

One of the reasons so little information has been released is the company might not know yet exactly what happened, and digital forensics can take a long time. It's also likely those behind the cyber attack are still active in the systems.

NSPower    |   TEISS   |   CBC  |   Economic Times   |   Security Week  

Image: @nspowerinc

You Might Also Read: 

Ransomware Attacks On The Energy Sector Surging:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible


 

« Security First In An AI Era
Biggest Data Breaches Of The Last 15 Years [extract] »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

JumpCloud

JumpCloud

JumpCloud's Directory-as-a-Service (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business’s employees and the systems and IT resources they need.

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

BeDefended

BeDefended

BeDefended is an Italian company operating in IT Security and specialized in Cloud and Application Security with years of experience in penetration testing, consulting, training, and research.

Verifi

Verifi

Verifi is an award-winning provider of end-to-end payment protection and risk management solutions.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

ETSI

ETSI

ETSI is a European Standards Organization dealing with telecommunications, broadcasting and other electronic communications networks and services including cybersecurity.

ChainSecurity

ChainSecurity

ChainSecurity provides products and services for securing smart contracts and blockchain protocols and conducts R&D in the areas of security, program analysis, and machine learning.

Havoc Shield

Havoc Shield

Havoc Shield is an all-in-one information security platform that includes everything a growing team needs to secure their remote workforce.

Samurai Digital Consulting

Samurai Digital Consulting

Samurai Digital Security are a cyber and Information security services provider, specialising in penetration testing, incident response, user awareness and information governance solutions.

Fortify 24/7

Fortify 24/7

Fortify 24×7 provides a robust portfolio of managed cybersecurity solutions to help you identify and prevent attacks.

Valtix

Valtix

Valtix is the first and only multi-cloud network security platform delivered as a service that enables cloud teams to meet the most stringent security requirements in a cloud-first & simple way.

Fibernet

Fibernet

Fibernet's innovative solutions in the fields of cybersecurity and fiber optics range from telecommunications infrastructure to small business cybersecurity.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

AUCyber

AUCyber

AUCyber is a leading provider of managed cyber security solutions and consultancy services, specialising in supporting Australian organisations and Government agencies.

Nyx Security Solutions

Nyx Security Solutions

Nyx is committed to excellence in embedded cybersecurity, delivering top-tier secure design, development, and penetration testing services that meet and exceed industry standards.

MirrorTab

MirrorTab

MirrorTab is a cyber security company providing advanced web security solutions that defend web applications against cyber threats like hacking and malware.