Late last month, Nova Scotia Power, the principal electric utility serving the Canadian province, confirmed that a recent cyberattack resulted in the unauthorized access and compromise of personal information belonging to some of its customers. The utility’s investigation revealed that threat actors infiltrated its systems and gained entry to databases containing customer names, addresses, contact details, account numbers and billing histories. While no operational disruption to electrical generation or distribution was reported, the breach exposed sensitive data that could be used for identity fraud, phishing campaigns or other illicit purposes. Nova Scotia Power notified affected individuals by mail and email, advising them to remain vigilant against suspicious communications and offering credit monitoring services to mitigate potential misuse of their information. The company has engaged external cybersecurity experts and law enforcement to determine the full scope of the incident, identify the intrusion vector and shore up defenses against future attacks. Nova Scotia Power emphasized that it is committed to transparency and is taking steps to enhance its network security, strengthen monitoring capabilities and reinforce employee training to prevent a recurrence of such a data compromise.
Source: https://www.scworld.com/brief/the-co-op-hack-far-worse-than-first-reported
TPRM report: https://scoringcyber.rankiteo.com/company/invest-nova-scotia
"id": "inv900050525",
"linkid": "invest-nova-scotia",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Energy',
'location': 'Nova Scotia, Canada',
'name': 'Nova Scotia Power',
'type': 'Electric Utility'}],
'customer_advisories': ['Notified affected individuals by mail and email',
'Advised customers to remain vigilant against '
'suspicious communications',
'Offered credit monitoring services'],
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Customer names',
'Addresses',
'Contact details',
'Account numbers',
'Billing histories']},
'description': 'A cyberattack on Nova Scotia Power resulted in unauthorized '
'access to customer personal information, including names, '
'addresses, contact details, account numbers, and billing '
'histories.',
'impact': {'data_compromised': ['Customer names',
'Addresses',
'Contact details',
'Account numbers',
'Billing histories'],
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': ['Engaged external '
'cybersecurity experts',
'Enhance network security',
'Strengthen monitoring '
'capabilities',
'Reinforce employee '
'training']},
'response': {'communication_strategy': ['Notified affected individuals by '
'mail and email',
'Advised customers to remain vigilant '
'against suspicious communications',
'Offered credit monitoring services'],
'enhanced_monitoring': 'Yes',
'law_enforcement_notified': True,
'third_party_assistance': 'External cybersecurity experts'},
'title': 'Nova Scotia Power Data Breach',
'type': 'Data Breach'}