Canadian utility company Nova Scotia Power has confirmed that hackers accessed and stole sensitive customer data in a recent cybersecurity breach. The incident, publicly disclosed by Nova Scotia Power and its parent company Emera in late April, has now been linked to a range of stolen personal and financial information.
According to an update issued on May 14, the data breach occurred around March 19, when cybercriminals gained access to servers storing customer records. While the utility emphasized that power generation, transmission, and distribution systems remained unaffected, the breach has raised serious concerns about data privacy.
What Information Was Compromised?
The company revealed that the stolen information may include names, birthdates, phone numbers, email addresses, service and mailing addresses, and utility usage details such as billing history, payment records, and power consumption data.
More critically, some affected individuals also had their driver’s license numbers, Social Insurance Numbers (SINs), and — in cases where customers had enrolled in pre-authorized payments — bank account details exposed.
Despite the severity of the stolen data, Nova Scotia Power stated there is no evidence so far that the compromised information has been misused. However, in a proactive step, the utility is offering two years of free credit monitoring services to those impacted.
The exact number of affected customers hasn’t been disclosed, but the utility serves about 550,000 individuals across Nova Scotia.
Was This a Ransomware Attack?
As of now, it remains unclear whether the breach was part of a ransomware attack. No ransomware group has claimed responsibility, and the company has not confirmed any ransom demands. It’s possible that the attackers are still negotiating or that Nova Scotia Power paid a ransom quietly, avoiding public exposure on dark web leak sites.
When asked for more details, the company declined to share information beyond what’s already available on its website.
