Nova Scotia Power has confirmed that customer data was stolen during a cyberattack on its IT systems in March 2025, marking a significant escalation in the scope of the previously disclosed breach.
The utility is now directly notifying affected customers and offering credit monitoring services amid concerns about potential identity theft.
According to an official update published yesterday, the breach was traced back to March 19, when an unauthorized third party accessed and exfiltrated data from servers within the company’s network. The compromised data varies by individual but includes a range of personally identifiable information (PII), with some records containing highly sensitive fields such as Social Insurance Numbers, driver’s license numbers, and bank account details used for pre-authorized payments.
The attack was initially detected by Nova Scotia Power’s internal IT team in late March, prompting the immediate activation of incident response protocols. The company engaged third-party cybersecurity specialists to assist with containment and recovery, and law enforcement authorities were also notified. At the time, Nova Scotia Power emphasized that operational infrastructure, including power generation and delivery, remained unaffected.
Nova Scotia Power, headquartered in Halifax, serves approximately 500,000 customers across Nova Scotia and is a subsidiary of Emera Inc., a publicly traded energy holding company with operations across North America and the Caribbean. While the incident did not disrupt electricity services or affect Emera’s broader operations, it has significantly impacted customer service systems. Online account access and call center functions remain degraded, with delays ongoing as restoration efforts continue.
The stolen data includes, but is not limited to:
- Full names, addresses (mailing and service), phone numbers, and email addresses
- Customer account details, including billing and payment history, power usage, and service interactions
- Date of birth and Nova Scotia Power program participation details
- In some cases, Social Insurance Numbers, driver’s license numbers, and bank account details
The company is sending physical notification letters to affected customers, which include instructions to activate a free two-year credit monitoring subscription. No evidence of fraud has been reported so far, but customers are being urged to remain cautious and vigilant for phishing attempts, social engineering, and unsolicited requests for personal information.
The company advises all customers to watch for suspicious emails, phone calls, or messages pretending to be from Nova Scotia Power, avoid clicking on unexpected links or downloading unknown attachments, and monitor financial and credit accounts for unusual activity.
As the investigation continues, Nova Scotia Power has committed to keeping customers informed and working with cybersecurity experts to rebuild systems with enhanced protections.
Leave a Reply