Nova Scotia Power, a Canadian utility serving approximately 550,000 customers, suffered a sophisticated ransomware attack that compromised sensitive data of about 280,000 individuals. The attack, detected on April 25, 2025, involved unauthorized access to network systems and business application servers, with the initial breach occurring around March 19, 2025. The attackers exfiltrated personally identifiable information (PII) including names, birthdates, phone numbers, email addresses, service addresses, and account histories, along with highly sensitive financial data such as Social Insurance Numbers, driver’s license numbers, and bank account information. The utility refused to pay the ransom, citing compliance with sanctions laws and law enforcement guidance.
Source: https://cybersecuritynews.com/nova-scotia-ransomware-attack/
TPRM report: https://scoringcyber.rankiteo.com/company/nova-scotia-power
"id": "nov632052625",
"linkid": "nova-scotia-power",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"{'affected_entities': [{'customers_affected': '280,000',
'industry': 'Energy',
'location': 'Nova Scotia, Canada',
'name': 'Nova Scotia Power',
'size': 'Approximately 550,000 customers',
'type': 'Utility'}],
'attack_vector': ['Phishing Emails',
'Credential Stuffing',
'Exploitation of Unpatched System Vulnerabilities'],
'customer_advisories': True,
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'number_of_records_exposed': '280,000',
'personally_identifiable_information': ['Customer Names',
'Birthdates',
'Phone Numbers',
'Email Addresses',
'Service Addresses',
'Account Histories',
'Social Insurance '
'Numbers',
'Driver’s License '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['PII', 'Financial Data']},
'date_detected': '2025-04-25',
'date_publicly_disclosed': '2025-05-XX',
'description': 'Nova Scotia Power fell victim to a sophisticated ransomware '
'attack that compromised sensitive customer data belonging to '
'approximately 280,000 individuals.',
'impact': {'data_compromised': ['Customer Names',
'Birthdates',
'Phone Numbers',
'Email Addresses',
'Service Addresses',
'Account Histories',
'Social Insurance Numbers',
'Driver’s License Numbers',
'Bank Account Information'],
'identity_theft_risk': True,
'payment_information_risk': True,
'systems_affected': ['Network Systems',
'Business Application Servers']},
'initial_access_broker': {'entry_point': ['Phishing Emails',
'Credential Stuffing',
'Exploitation of Unpatched System '
'Vulnerabilities'],
'high_value_targets': True,
'reconnaissance_period': 'Approximately 5 weeks'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': True},
'references': [{'source': 'Nova Scotia Power'}],
'response': {'communication_strategy': True,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': True,
'third_party_assistance': True},
'stakeholder_advisories': True,
'threat_actor': 'Organized Ransomware-as-a-Service (RaaS) Operation',
'title': 'Nova Scotia Power Ransomware Attack',
'type': 'Ransomware Attack'}