Nova Scotia Power Acknowledges Data Breach Resulting from Cyber Intrusion

Nova Scotia Power has officially confirmed that a cyberattack led to the unauthorized acquisition of sensitive customer information. This breach was identified after an incident involving unauthorized access to certain parts of its network, which supports the company’s critical operations.

As a key player within Canada’s utility sector, Nova Scotia Power, a subsidiary of Emera Inc., provides electricity to over 500,000 customers across residential, commercial, and industrial segments, commanding a market share of approximately 95%. The company is responsible for the generation of over 10,000 GWh annually, facilitated by an extensive distribution network that spans 32,000 kilometers (20,000 miles) of power lines.

The incident initially came to light on April 28, 2025, when internal investigations revealed unauthorized access; however, it was later determined that the actual data breach occurred on March 19, 2025. This timeline resulted in nearly two months passing before affected customers were notified through formal communications.

Despite the breach, Nova Scotia Power reported no disruptions to its electricity production and distribution. However, operational processes were significantly impacted as the company initiated its incident response protocols. Further investigation conducted on May 1 uncovered that a variety of customer information had potentially been compromised, including:

– Full name
– Telephone number
– Email address
– Mailing and service addresses
– Participation information in Nova Scotia Power programs
– Date of birth
– Customer account history (inclusive of power consumption, service requests, payment history, billing, credit history, and correspondence)
– Driver’s license number
– Social Insurance Number
– Bank account numbers (for certain customers)

In response to the breach, Nova Scotia Power has observed no evidence that the stolen data has been misused. Nonetheless, to mitigate potential risks to affected individuals, the utility will offer two years of complimentary credit monitoring services.

A statement from the company noted, “Notifications are currently being mailed to impacted account holders, which include detailed resources and support options.” It further emphasized, “Although we have no evidence that your personal information has been misused, we have arranged with TransUnion, a consumer reporting agency, to provide impacted individuals with a two-year subscription to a comprehensive credit monitoring service at no cost.”

Customers are advised to remain alert for potential phishing attempts, particularly those where threat actors may impersonate the utility in efforts to extract further sensitive information. As of now, no ransomware groups have claimed responsibility for this cyberattack on Nova Scotia Power.