Full Report
Nova Scotia’s largest electric utility, Nova Scotia Power, has confirmed that customer information was stolen in a recent cyberattack that compromised parts of its IT systems. The company, along with its Halifax-based parent firm Emera, discovered the Nova Scotia Power data breach on April 25, 2025, prompting immediate action to isolate and secure the affected servers. In an official update shared on Wednesday, Nova Scotia Power revealed that the cyber incident had resulted in unauthorized access to sensitive customer information. According to their investigation, the Nova Scotia Power cyberattack occurred on or around March 19, 2025, nearly five weeks before it was detected. Nova Scotia Power Data Breach: Investigation and Response Underway Nova Scotia Power stated it is working closely with external cybersecurity experts to assess the extent of the data breach and to restore and rebuild impacted systems. “We are continuing to investigate the cyber incident that has affected certain IT systems in our network,” the company said in its public communication. “Our priority is to safely and securely restore operations while protecting customer information.” Though the investigation is still ongoing, Nova Scotia Power has confirmed that an unauthorized third party accessed and stole certain customer data from the affected servers. Physical operations—such as power generation, distribution, and transmission—were not impacted, and customers are still receiving uninterrupted electric service. Types of Data Compromised The stolen information varies by individual and is based on what each customer had previously provided to the company. The affected data may include: Full name Phone number Email address Mailing and service addresses Participation in Nova Scotia Power programs Date of birth Customer account history (including power consumption, service requests, payment and billing records, credit history, and past customer support communication) Driver’s license number Social Insurance Number (SIN) Bank account numbers (for those enrolled in pre-authorized payments) While there is currently no evidence that the stolen information has been misused, the company is urging customers to remain alert for potential fraud or scams that may follow. Support for Affected Customers To support impacted individuals, Nova Scotia Power is offering a free two-year subscription to TransUnion’s myTrueIdentity® credit monitoring service. Affected customers will receive notification letters by mail with details about what information was exposed and how to activate the complimentary monitoring service. “If you receive a letter from us, it will contain a dedicated phone number you can call to ask questions and enroll in the credit monitoring service,” the company said in its announcement. This service is intended to help individuals detect any suspicious activity tied to their identity or financial information. Increase in Fraud Attempts Since the incident, Nova Scotia Power has noticed a surge in fraudulent messages and phishing attempts that appear to come from the utility company. These include fake emails, text messages, social media posts, and websites impersonating Nova Scotia Power. On its official website and social media, the company has issued a clear warning: “Due to the recent cyber incident, there has been an increase in fraudulent communications posing as Nova Scotia Power. Please remain cautious of any unsolicited messages asking for your personal information. Do not click on links or download attachments from unverified sources.” The company advises customers to confirm any suspicious communication by contacting their Customer Care Centre directly through verified contact details listed on their official website. [caption id="attachment_102718" align="aligncenter" width="1024"] Source: Nova Scotia Power Official Website[/caption] Social Media Update Nova Scotia Power also used its official X (formerly Twitter) account to share updates. A thread posted on Wednesday reiterated the company's apology and reassured customers that every effort is being made to protect their privacy. “We sincerely apologize that this has occurred. Protecting the privacy and security of the information we hold is of the utmost importance to every member of our team,” the company stated. “Starting today, notifications will be sent to impacted individuals via mail. While we have no evidence of misuse of personal information, we have arranged for a two-year subscription to TransUnion’s myTrueIdentity® credit monitoring service at no cost.” [caption id="attachment_102717" align="aligncenter" width="295"] Source: X[/caption] As part of its ongoing efforts, Nova Scotia Power’s IT team is working around the clock with external cybersecurity specialists to rebuild affected systems, improve security measures, and prevent future incidents. The utility emphasized that safeguarding customer data remains a top priority. It encourages customers to practice good cyber hygiene by: Verifying the source of any unexpected communication Not sharing personal information over phone, text, or email unless certain of the recipient’s identity Monitoring financial accounts for unusual activity Activating the provided credit monitoring service if notified What You Should Do If you are a Nova Scotia Power customer and suspect your information may be involved: Watch for a mailed letter from the company with detailed instructions. Enroll in the free two-year credit monitoring service offered through TransUnion. Report any suspicious communications claiming to be from Nova Scotia Power. Contact Nova Scotia Power’s Customer Care Centre if you are unsure about the authenticity of a message. While physical infrastructure was unaffected in Nova Scotia Power cyberattack, the exposure of personal customer data reveals how critical IT security has become in the utility sector. As investigations continue, this cyberattack on Nova Scotia Power highlights the urgent need for stronger data protection practices, real-time dark web monitoring, and faster breach detection.
Analysis Summary
# Incident Report: Nova Scotia Power Customer Data Compromise
## Executive Summary
Nova Scotia Power (NSP) suffered a cyberattack resulting in the compromise of customer data. While physical infrastructure remained unaffected, the incident exposed personal information belonging to thousands of customers. NSP is actively working with external specialists to rebuild systems, has initiated customer notification via mail, and offered two years of free credit monitoring.
## Incident Details
- **Discovery Date:** Undisclosed (Implied to be prior to May 15, 2025, based on reporting date)
- **Incident Date:** Undisclosed
- **Affected Organization:** Nova Scotia Power (NSP)
- **Sector:** Utility (Power/Energy)
- **Geography:** Nova Scotia, Canada
## Timeline of Events
### Initial Access
- **Date/Time:** Undisclosed
- **Vector:** Not explicitly detailed in the source material, but the impact suggests a compromise allowing access to customer data systems.
- **Details:** The exact vector is not specified.
### Lateral Movement
- **Details:** Undisclosed. Attackers successfully accessed systems containing customer records.
### Data Exfiltration/Impact
- **Details:** Personal customer data was compromised. The company stated there is "no evidence of misuse of personal information."
- **Impact:** Exposure of customer personal information affecting thousands of individuals.
### Detection & Response
- **Details:** NSP's IT team detected the incident and engaged external cybersecurity specialists. Notifications to impacted individuals were scheduled to begin by mail on the report date.
- **Response actions taken:** Customer notifications via mail, arrangement for two-year TransUnion myTrueIdentity® credit monitoring, and rebuilding affected systems.
## Attack Methodology
- **Initial Access:** Not specified.
- **Persistence:** Not specified.
- **Privilege Escalation:** Not specified.
- **Defense Evasion:** Not specified.
- **Credential Access:** Not specified.
- **Discovery:** Not specified.
- **Lateral Movement:** Not specified.
- **Collection:** Customer data records were gathered.
- **Exfiltration:** Implied data exfiltration or unauthorized access leading to exposure.
- **Impact:** Exposure of Personally Identifiable Information (PII) contained within customer data systems.
## Impact Assessment
- **Financial:** Costs associated with incident response, external specialists, and providing two years of credit monitoring.
- **Data Breach:** Personal customer data was exposed (specific volume/type not detailed, only that personal information was involved).
- **Operational:** Physical infrastructure was unaffected. Impact pertains primarily to IT/administrative systems integrity and data security.
- **Reputational:** Negative impact due to public disclosure of a significant data breach affecting customer trust.
## Indicators of Compromise
* **Network indicators:** None provided (defanged).
* **File indicators:** None provided.
* **Behavioral indicators:** None provided.
## Response Actions
- **Containment measures:** External cybersecurity specialists were engaged to assist the IT team. Affected systems were being rebuilt.
- **Eradication steps:** Not detailed, but implied work is in progress to remove attacker presence and secure systems.
- **Recovery actions:** Rebuilding affected systems and implementing improved security measures.
## Lessons Learned
- The utility sector is critically dependent on IT security, as evidenced by this event where customer data was exposed despite physical infrastructure remaining secure.
- Current data protection practices require immediate strengthening.
- The need for faster breach detection capabilities was highlighted.
## Recommendations
- Strengthen data protection practices concerning customer PII storage and access controls.
- Implement or enhance real-time dark web monitoring capabilities to detect exposure early.
- Review and improve breach detection mechanisms to reduce dwell time.
- Enhance customer communication protocols for breach notification (mailing notifications are a necessary step, but supplementary digital communication should be considered if possible and secure).