Nova Scotia Power Faces Ransomware Attack, Expands Credit Monitoring

Alan V Gutnov
Alan V Gutnov

Director of Strategy

 
July 17, 2025 3 min read

Ransomware Attack Stops Nova Scotia Power Meter Readings

Nova Scotia Power has confirmed a ransomware attack that halted the collection of customer meter readings, directly affecting billing processes. The incident, discovered on April 25, has led the utility company to pause billing temporarily and implement estimated billing for most customers until systems can be restored.

"Since the cyber incident discovered on April 25, power meters have continued to function and gather accurate energy usage data from homes and businesses across the province. However, due to the cyber incident, the meters have not been able to communicate that data to our systems," stated Nova Scotia Power in an incident update released on July 8.

The utility is currently collaborating with external cybersecurity experts to ensure a safe and secure restoration of their systems.

Attackers Accessed Customer Data, Including Bank Details

Investigations reveal that unauthorized access to customer data occurred around March 19, 2025. Approximately 280,000 customers were affected, with breaches potentially involving sensitive personal and financial information. This data could include names, dates of birth, phone numbers, email addresses, mailing addresses, driver’s license numbers, and Canadian Social Insurance numbers.

Nova Scotia Power has warned that some of the accessed information has been published on the dark web. The company is expanding credit monitoring services for those affected and advising customers to remain vigilant due to an increase in fraudulent communications posing as Nova Scotia Power.

Nova Scotia Power Resists Attacker Demands

On May 23, Nova Scotia Power disclosed the sophisticated nature of the ransomware attack, confirming that no payment has been made to the attackers. “No payment has been made to the threat actor. This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance,” the company stated.

Utility providers increasingly face ransomware threats, with a report indicating a 42% surge in ransomware attacks in the industry over the previous year.

a sign on a gray building says "Nova Scotia Power an Emera Company."
Image courtesy of CBC News

Nova Scotia Power to Expand Credit Monitoring

In response to the cybersecurity breach, Nova Scotia Power is offering five years of free credit monitoring for all customers, both past and present. This offer has increased from the initial two years provided.

The company announced that it would extend credit monitoring to all customers affected, including former customers whose data was also compromised. An update on the company's website confirmed the theft of information from former customers.

About 280,000 customers are believed to have been affected, leading Nova Scotia Power to encourage anyone concerned about their data protection to register for the extended credit monitoring service.

Nova Scotia Power is still assessing the full extent of the data accessed, acknowledging that sensitive information such as bank account numbers, social insurance numbers, and other personal details may have been compromised.

For more detailed information and updates, customers can visit Nova Scotia Power’s official site or their customer service page.

Alan V Gutnov
Alan V Gutnov

Director of Strategy

 

MBA-credentialed cybersecurity expert specializing in Post-Quantum Cybersecurity solutions with proven capability to reduce attack surfaces by 90%.

Related Articles

Ransomware Attacks Target Russian Vodka and Healthcare Sectors

The Novabev Group, parent company of the Beluga vodka brand, experienced a ransomware attack on July 14, 2025, causing significant disruptions. The attack affected WineLab, the company's liquor store chain, leading to a three-day closure of over 2,000 locations in Russia. The company reported that the attack crippled its IT infrastructure, particularly point-of-sale systems and online services. Novabev Group stated, "The company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands."

By Alan V Gutnov July 19, 2025 3 min read
Read full article

Retail Sector Faces Surge in Ransomware Attacks: A 2025 Analysis

Publicly disclosed ransomware attacks on the retail sector globally surged by 58% in Q2 2025 compared to Q1, with UK-based firms being particularly targeted, according to a report by BlackFog. This spike in attacks follows high-profile breaches affecting retailers like Marks & Spencer (M&S), The Co-op, and Harrods, attributed to the threat actor known as Scattered Spider.

By Alan V Gutnov July 19, 2025 2 min read
Read full article

AI-Driven Lcryx Ransomware Emerges in Cryptomining Botnet

A cryptomining botnet active since 2019 has incorporated a likely AI-generated ransomware known as Lcryx into its operations. Recent analysis by the FortiCNAPP team at FortiGuard Labs identified the first documented incident linking H2miner and Lcryx ransomware. This investigation focused on a cluster of virtual private servers (VPS) utilized for mining Monero.

By Edward Zhou July 19, 2025 3 min read
Read full article

Preventing ClickFix Attacks: Safeguarding Against Human Error

ClickFix is an emerging social engineering technique utilized by threat actors to exploit human error. This technique involves misleading users into executing malicious commands under the guise of providing "quick fixes" for common computer issues. Threat actors use familiar platforms and deceptive prompts to encourage victims to paste and run harmful scripts.

By Alan V Gutnov July 19, 2025 3 min read
Read full article