Nova Scotia Power, a utility owned by Emera Inc., fell victim to a **sophisticated ransomware attack** beginning around **March 19, 2025**, which was publicly disclosed on **April 28, 2025**. The breach compromised **personal and financial data of approximately 280,000 customers**, including **names, dates of birth, email addresses, phone numbers, mailing/service addresses, account histories, power consumption details, payment/billing histories, credit histories, driver’s license numbers, Social Insurance Numbers (SIN), and bank account details** (for pre-authorized payments). The attackers **published the stolen data online** after the company refused to pay the ransom, citing compliance with sanctions laws and law enforcement guidance.While the attack did **not disrupt power generation, transmission, or distribution**, it exposed highly sensitive customer information, posing risks of **identity theft, financial fraud, and long-term reputational damage**. The company partnered with **TransUnion** to offer **two years of free credit monitoring (myTrueIdentity)** to affected individuals and urged vigilance against phishing attempts. Despite the breach, Emera Inc. stated the incident had **no material financial impact** on its operations. The attack remains one of the **largest cyber incidents in recent Canadian history**, with ongoing investigations to assess full damages and strengthen security measures.
Source: https://thecyberexpress.com/nova-scotia-cyberattack/
TPRM report: https://www.rankiteo.com/company/nova-scotia-power
"id": "nov3561835112725",
"linkid": "nova-scotia-power",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '280,000',
'industry': 'Energy',
'location': 'Nova Scotia, Canada',
'name': 'Nova Scotia Power',
'type': 'Utility Company'},
{'industry': 'Energy',
'location': 'Canada',
'name': 'Emera Inc.',
'type': 'Parent Company'}],
'customer_advisories': ['Notification letters with credit monitoring '
'enrollment instructions',
'Warnings about phishing risks and identity theft '
'protection tips'],
'data_breach': {'data_exfiltration': 'Yes (data published online by '
'attackers)',
'number_of_records_exposed': '280,000',
'personally_identifiable_information': 'Yes (names, dates of '
'birth, SIN, driver’s '
'license numbers, '
'etc.)',
'sensitivity_of_data': 'High (includes SIN, driver’s license '
'numbers, bank details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data',
'Account Histories',
'Service Requests']},
'date_detected': '2025-04-25',
'date_publicly_disclosed': '2025-04-28',
'description': 'Nova Scotia Power, a utility owned by Emera Inc., confirmed '
'it was the victim of a sophisticated ransomware attack that '
'resulted in a data breach impacting approximately 280,000 '
'customers. The attack began around March 19, 2025, and was '
'publicly disclosed on April 28, 2025. The company detected '
'unusual network activity on April 25, prompting incident '
'response protocols, external cybersecurity assistance, and '
'law enforcement notification. Hackers exfiltrated a wide '
'range of customer data, including names, dates of birth, '
'contact details, account histories, payment information, and '
'sensitive identifiers like Social Insurance Numbers (SIN) and '
'driver’s license numbers. Despite the severity, Nova Scotia '
'Power refused to pay the ransom, citing compliance with '
'sanctions laws and law enforcement guidance. The breach did '
'not disrupt power generation, transmission, or distribution '
'systems. Affected customers were offered free credit '
'monitoring services through TransUnion.',
'impact': {'brand_reputation_impact': 'Significant (one of the most serious '
'cyber incidents in recent Canadian '
'history)',
'data_compromised': ['names',
'dates of birth',
'email addresses',
'phone numbers',
'mailing addresses',
'service addresses',
'customer account histories',
'power consumption details',
'service requests',
'payment and billing histories',
'credit histories',
'driver’s license numbers',
'Social Insurance Numbers (SIN)',
'bank account details (for pre-authorized '
'payments)'],
'identity_theft_risk': 'High (sensitive PII exposed, including SIN '
'and bank details)',
'operational_impact': 'None (no disruption to power generation, '
'transmission, or distribution)',
'payment_information_risk': 'High (bank account details for '
'pre-authorized payments compromised)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (data published '
'online by attackers)'},
'investigation_status': 'Ongoing (as of May 23, 2025)',
'post_incident_analysis': {'corrective_actions': ['Credit monitoring for '
'affected customers',
'Enhanced public '
'communication and advisory '
'strategies']},
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': 'Yes (amount undisclosed)',
'ransom_paid': 'No'},
'recommendations': ['Customers advised to enroll in free credit monitoring '
'(TransUnion myTrueIdentity)',
'Vigilance against phishing and unsolicited '
'communications',
'Avoid clicking suspicious links or downloading '
'unverified attachments'],
'references': [{'source': 'Nova Scotia Power Public Statements'},
{'source': 'Emera Inc. Quarterly Financial Disclosure'}],
'response': {'communication_strategy': ['Public statements (April 28, May 1, '
'May 14, May 23)',
'Notification letters to affected '
'customers',
'Partnership with TransUnion for '
'credit monitoring'],
'incident_response_plan_activated': 'Yes (on 2025-04-25)',
'law_enforcement_notified': 'Yes',
'remediation_measures': ['Investigation with cybersecurity '
'experts',
'Free credit monitoring (TransUnion '
'myTrueIdentity) for affected customers',
'Public advisories on vigilance against '
'phishing'],
'third_party_assistance': 'Yes (external cybersecurity experts '
'engaged)'},
'stakeholder_advisories': ['Public updates on breach scope and mitigation '
'efforts',
'Collaboration with law enforcement and '
'cybersecurity experts'],
'title': 'Nova Scotia Power Ransomware Attack and Data Breach',
'type': ['ransomware', 'data breach']}