Nova Scotia Power, the largest electric utility in Nova Scotia, suffered a cyberattack in which an unauthorized third party gained access to its IT systems and stole sensitive customer data. The breach, detected on April 25, 2025 (but originating around March 19, 2025), exposed a wide range of personal and financial information, including full names, Social Insurance Numbers (SIN), driver’s license numbers, bank account details, payment histories, and credit records. While the company confirmed no misuse of the stolen data yet, the incident has led to a surge in phishing and fraud attempts impersonating Nova Scotia Power. The utility is offering free credit monitoring to affected customers and working with cybersecurity experts to restore systems and prevent future breaches. Physical power operations remained unaffected, but the compromise of highly sensitive customer data poses significant risks of identity theft, financial fraud, and reputational damage.
Source: https://thecyberexpress.com/nova-scotia-power-data-breach/
TPRM report: https://www.rankiteo.com/company/nova-scotia-power
"id": "nov1045710112825",
"linkid": "nova-scotia-power",
"type": "Cyber Attack",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Not specified (notifications '
'sent to impacted individuals)',
'industry': 'Energy/Utilities',
'location': 'Nova Scotia, Canada',
'name': 'Nova Scotia Power',
'size': 'Large (Nova Scotia’s largest electric '
'utility)',
'type': 'Electric Utility'}],
'customer_advisories': ['Watch for mailed notification letters',
'Enroll in free TransUnion myTrueIdentity® credit '
'monitoring (2-year subscription)',
'Report suspicious communications',
'Monitor financial accounts for unusual activity',
'Contact Customer Care Centre for verification of '
'messages'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes PII, financial data, '
'and government-issued IDs)',
'type_of_data_compromised': ['Full name',
'Phone number',
'Email address',
'Mailing and service addresses',
'Participation in Nova Scotia '
'Power programs',
'Date of birth',
'Customer account history (power '
'consumption, service requests, '
'payment/billing records, credit '
'history, support '
'communications)',
'Driver’s license number',
'Social Insurance Number (SIN)',
'Bank account numbers (for '
'pre-authorized payments)']},
'date_detected': '2025-04-25',
'date_publicly_disclosed': '2025-04-25',
'description': 'Nova Scotia Power, the largest electric utility in Nova '
'Scotia, confirmed a cyberattack that compromised parts of its '
'IT systems, resulting in the theft of sensitive customer '
'information. The breach was detected on April 25, 2025, but '
'occurred around March 19, 2025. While physical operations '
'(power generation, distribution, and transmission) remained '
'unaffected, customer data—including names, contact details, '
'SINs, bank account numbers, and more—was exposed. The company '
'is offering free credit monitoring to affected customers and '
'warns of increased fraud attempts post-breach.',
'impact': {'brand_reputation_impact': 'High (public apology issued, fraud '
'warnings, credit monitoring offered)',
'data_compromised': True,
'identity_theft_risk': 'High (SINs, bank accounts, and PII '
'exposed)',
'operational_impact': 'None (physical operations unaffected)',
'payment_information_risk': 'High (bank account numbers for '
'pre-authorized payments exposed)',
'systems_affected': ['IT systems (servers)']},
'initial_access_broker': {'high_value_targets': ['Customer databases',
'IT systems']},
'investigation_status': 'Ongoing (working with external cybersecurity '
'experts)',
'lessons_learned': ['Critical need for stronger data protection in the '
'utility sector',
'Importance of real-time dark web monitoring',
'Faster breach detection required',
'Customer education on fraud prevention is essential '
'post-breach'],
'post_incident_analysis': {'corrective_actions': ['Rebuilding affected '
'systems with improved '
'security',
'Enhanced monitoring and '
'threat detection',
'Customer support measures '
'(credit monitoring, fraud '
'warnings)']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Implement real-time threat detection systems',
'Enhance employee and customer cybersecurity awareness '
'training',
'Conduct regular security audits and penetration testing',
'Strengthen authentication protocols for IT systems',
'Monitor dark web for exposed customer data'],
'references': [{'date_accessed': '2025-04-25',
'source': 'Nova Scotia Power Official Announcement'},
{'date_accessed': '2025-04-25',
'source': 'Nova Scotia Power X (Twitter) Thread'}],
'response': {'communication_strategy': ['Public updates (website, social '
'media, press releases)',
'Mailed notification letters to '
'affected customers',
'Dedicated phone line for inquiries',
'Warnings about fraudulent '
'communications'],
'containment_measures': ['Isolation and securing of affected '
'servers'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'recovery_measures': ['Working with external cybersecurity '
'experts',
'Restoring operations securely'],
'remediation_measures': ['Rebuilding impacted systems',
'Improving security measures'],
'third_party_assistance': True},
'stakeholder_advisories': ['Public apology issued',
'Warnings about fraudulent communications '
'(phishing, scams)',
'Guidance on verifying suspicious messages',
'Encouragement to enroll in credit monitoring'],
'threat_actor': 'Unauthorized third party',
'title': 'Nova Scotia Power Cyberattack and Data Breach',
'type': ['Data Breach', 'Cyberattack']}