A cyberattack against Nova Scotia Power in March 2025 has resulted in the theft of sensitive personal data belonging to approximately 280,000 customers, the Canadian utility has confirmed.
The breach, first detected in May, involved unauthorized access to the company’s IT systems and exfiltration of customer data, prompting widespread notification efforts and the offering of identity protection services.
The incident occurred on March 19, but was discovered and communicated with the public later. The company’s internal IT team first noticed the intrusion and immediately activated incident response protocols. Third-party cybersecurity experts were brought in to assist with containment, forensics, and recovery efforts, while law enforcement authorities were also notified. Despite the breach, Nova Scotia Power reassured the public that its energy generation and delivery infrastructure remained fully operational throughout the incident.
Nova Scotia Power is a major utility based in Halifax, serving around 500,000 customers across Nova Scotia. It operates under Emera Inc., a publicly traded energy holding company with significant operations in Canada, the U.S., and the Caribbean. While no operational disruptions were reported, customer-facing systems, including the MyAccount web portal and call centers, experienced significant delays and outages that are still being addressed.
The company confirmed on May 15 that a range of personally identifiable information (PII) had been stolen in the attack. The stolen data varies by individual but may include names, physical addresses, email addresses, phone numbers, dates of birth, and details about customer accounts, such as billing history and power usage. In more severe cases, compromised records also include Social Insurance Numbers, driver’s license numbers, and banking details associated with pre-authorized payments.
In response, Nova Scotia Power has begun mailing physical notices to 280,000 affected individuals. These letters offer a complimentary 24-month credit monitoring service through Cyberscout. The service includes email alerts for credit file changes, identity theft insurance up to $1 million, dark web monitoring, and assistance interpreting credit reports. People are given until September 30, 2025 to enroll.
The company emphasized it is taking steps to strengthen its systems against future threats. Customers are strongly advised to enroll in the free monitoring service and take additional precautions such as placing fraud alerts or credit freezes with the major U.S. credit bureaus. They are also urged to be wary of phishing emails or phone calls purporting to be from Nova Scotia Power, and to avoid clicking on suspicious links or downloading attachments from unknown sources.
As investigations continue, Nova Scotia Power says it will provide ongoing updates and work to rebuild its digital infrastructure with enhanced security measures. The company has established a dedicated helpline for affected individuals.
Leave a Reply