Nova Scotia Power Faces Ransomware Attack, Expands Credit Monitoring

Ransomware Attack Stops Nova Scotia Power Meter Readings

Nova Scotia Power has confirmed a ransomware attack that halted the collection of customer meter readings, directly affecting billing processes. The incident, discovered on April 25, has led the utility company to pause billing temporarily and implement estimated billing for most customers until systems can be restored.

"Since the cyber incident discovered on April 25, power meters have continued to function and gather accurate energy usage data from homes and businesses across the province. However, due to the cyber incident, the meters have not been able to communicate that data to our systems," stated Nova Scotia Power in an incident update released on July 8.

The utility is currently collaborating with external cybersecurity experts to ensure a safe and secure restoration of their systems.

Attackers Accessed Customer Data, Including Bank Details

Investigations reveal that unauthorized access to customer data occurred around March 19, 2025. Approximately 280,000 customers were affected, with breaches potentially involving sensitive personal and financial information. This data could include names, dates of birth, phone numbers, email addresses, mailing addresses, driver’s license numbers, and Canadian Social Insurance numbers.

Nova Scotia Power has warned that some of the accessed information has been published on the dark web. The company is expanding credit monitoring services for those affected and advising customers to remain vigilant due to an increase in fraudulent communications posing as Nova Scotia Power.

Nova Scotia Power Resists Attacker Demands

On May 23, Nova Scotia Power disclosed the sophisticated nature of the ransomware attack, confirming that no payment has been made to the attackers. “No payment has been made to the threat actor. This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance,” the company stated.

Utility providers increasingly face ransomware threats, with a report indicating a 42% surge in ransomware attacks in the industry over the previous year.

Image courtesy of CBC News

Nova Scotia Power to Expand Credit Monitoring

In response to the cybersecurity breach, Nova Scotia Power is offering five years of free credit monitoring for all customers, both past and present. This offer has increased from the initial two years provided.

The company announced that it would extend credit monitoring to all customers affected, including former customers whose data was also compromised. An update on the company's website confirmed the theft of information from former customers.

About 280,000 customers are believed to have been affected, leading Nova Scotia Power to encourage anyone concerned about their data protection to register for the extended credit monitoring service.

Nova Scotia Power is still assessing the full extent of the data accessed, acknowledging that sensitive information such as bank account numbers, social insurance numbers, and other personal details may have been compromised.

For more detailed information and updates, customers can visit Nova Scotia Power’s official site or their customer service page.