Nova Scotia Power Confirms Ransomware Attack: Customer Data Stolen

Nearly a month after first detecting suspicious activity, Nova Scotia Power has confirmed it fell victim to a sophisticated ransomware attack that compromised sensitive customer information. The breach, initially disclosed on April 28, was revealed to be far more severe than initially thought, with hackers accessing names, addresses, payment details, and even Social Insurance Numbers (SINs).

In a May 23 update, the utility—which serves 550,000 customers—admitted that attackers stole data before encrypting systems. While no ransom was paid, the hackers have since published portions of the stolen data, though the exact contents remain under investigation.

What Data Was Compromised?

Nova Scotia Power has begun notifying 280,000 affected customers that the following information was exposed:
✔ Personal details (name, date of birth, contact information)
✔ Billing and power consumption history
✔ Driver’s license numbers
✔ Social Insurance Numbers (SINs)
✔ Bank account details (for pre-authorized payments)

The company emphasized that electricity generation and distribution were unaffected, preventing any service disruptions.

Ransomware Crisis: Why Didn’t Nova Scotia Power Pay?

The utility confirmed it refused to pay the ransom, citing sanctions laws and law enforcement guidance. This aligns with recommendations from cybersecurity experts, as paying ransoms funds criminal enterprises and doesn’t guarantee data recovery.

However, the attackers retaliated by leaking stolen files online. As of publication, no known ransomware group has claimed responsibility, leaving the threat actor’s identity a mystery.

Experts Weigh In: A Growing Threat to Critical Infrastructure

Cybersecurity analysts have long warned that power grids are prime targets for hackers, whether for financial extortion or geopolitical sabotage. Recent incidents include:

• 2021 Colonial Pipeline attack (caused fuel shortages)
• 2022 Costa Rica government breach (nationwide emergency declared)
• 2023 Danish energy sector attacks (disrupted heating systems)

“Utilities are attractive targets because they hold vast amounts of sensitive data and provide essential services,” said Kyle Wilhoit, Director of Threat Research at Palo Alto Networks. “Ransomware gangs know these organizations can’t afford downtime, increasing pressure to pay.”

What Should Affected Customers Do?

Nova Scotia Power is offering credit monitoring services to victims, but cybersecurity experts recommend additional steps:
🔹 Freeze credit reports to prevent identity theft
🔹 Monitor bank accounts for suspicious activity
🔹 Change passwords on any accounts linked to utility payments
🔹 Beware of phishing scams (attackers may pose as the utility)

The Bigger Picture: Are Power Grids Secure Enough?

This breach highlights critical vulnerabilities in energy sector cybersecurity. While Nova Scotia Power avoided operational disruptions, other attacks—like Russia’s 2015 Ukraine grid hack—have caused blackouts.

Future risks may include:

• AI-powered attacks that evade traditional defenses
• State-sponsored hackers targeting infrastructure during conflicts
• Ransomware-as-a-service (RaaS) making attacks more accessible

As cybercriminals grow bolder, this attack serves as a wake-up call for utilities worldwide. With nation-state hackers and ransomware gangs increasingly targeting essential services, the question isn’t if another breach will happen—but when, and how severe the consequences will be.