Pierluigi Paganini
May 27, 2025
Nova Scotia Power confirmed it was hit by a ransomware attack nearly a month after disclosing a cyber incident. The company revealed it hasn’t paid the ransom.
Nova Scotia Power Inc. is a vertically integrated electric utility serving the province of Nova Scotia, Canada. Headquartered in Halifax, it is a subsidiary of Emera Inc. The company provides electricity to over 500,000 residential, commercial, and industrial customers across the province. Its operations encompass generation, transmission, and distribution of electricity, utilizing a diverse mix of energy sources including coal, natural gas, hydroelectric, wind, tidal, oil, and biomass. Nova Scotia Power manages approximately $5 billion in assets and produces more than 10,000 gigawatt-hours of electricity annually.
In April, Nova Scotia Power and Emera faced a cyber attack that impacted their IT systems and networks. Both companies declared that the security incident did not cause any power outages.
On April 25, both companies found unauthorized access to parts of their network. In response to the intrusion, the companies shut down affected servers, disrupting IT systems, including customer support lines and the online portal. As of April 28, they were still working to restore services, and confirmed that the incident did not “impact on their ability to provide safe, reliable power to their customers.
Emera confirmed no disruption to its Canadian operations, including Nova Scotia Power, and no impact on U.S. or Caribbean utilities.
The companies did not share technical details about the attack, however, experts speculate they have been targeted in a ransomware attack.
In mid-May, the company disclosed a data breach after the April security incident and revealed that threat actors had stolen sensitive customer data. The company determined that the incident occurred on or around March 19, 2025. Attackers gained access to certain customer information stored on some servers and later taken by an unauthorized third party.
“While the investigation remains ongoing, we have determined that on or around March 19, 2025, certain customer information stored on the impacted servers was accessed and later taken by an unauthorized third party.” reads the update published by the company on May 14, 2025. “Notifications are in the process of being mailed to impacted account holders, which includes detailed information about resources and support. While we have no evidence of misuse of your personal information, as a precaution, arrangements have been made with the consumer reporting agency, TransUnion, to provide impacted individuals with a two-year subscription to a comprehensive credit monitoring service (TransUnion myTrueIdentity®) at no cost.“
The impacted personal information varies by customer and could include different types depending on what each customer provided, including name, phone number, email address, mailing and service addresses, Nova Scotia Power program participation information, date of birth, and customer account history (such as power consumption, service requests, customer payment, billing, and credit history, and customer correspondence), driver’s license number, and Social Insurance Number. For some of our customers, bank account numbers (for pre-authorized payment) may also have been impacted, if this information was provided by these customers.
Nova Scotia Power warned customers about phishing scams impersonating the utility to steal data.
In the update published on its website on May 23, Nova Scotia Power confirmed that it was hit by a “sophisticated ransomware attack”.
“Today, we are confirming we have been the victim of a sophisticated ransomware attack.” reads the update. “No payment has been made to the threat actor. This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance.”
Nova Scotia Power confirmed that threat actors had published the stolen data. Affected customers were notified and offered 2 years of free credit monitoring via TransUnion. The company urges vigilance against suspicious messages or phishing attempts and is working with cybersecurity experts to assess the scope of the incident.
Despite the company’s claims, I haven’t been able to find Nova Scotia Power listed on any known dark web leak sites linked to ransomware groups.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
