Nova Scotia Power, a subsidiary of Emera Inc. and the primary electricity provider for the province of Nova Scotia, confirmed a devastating ransomware attack that compromised the personal and financial data of approximately 375,000 customers. The breach, attributed to a Russia-linked threat actor, began around March 19, 2025 and was initially estimated to affect 280,000 customers before the figure was revised upward following a deeper forensic investigation.
What Happened
The attack was first detected when Nova Scotia Power's internal systems experienced disruptions in late March 2025. A Russia-based threat actor gained unauthorized access to the utility's network, deploying ransomware that encrypted critical systems and exfiltrated large volumes of customer data. The attacker demanded a ransom payment in exchange for not publishing the stolen data and providing decryption keys.
CEO Peter Gregg publicly attributed the attack to a Russia-based threat actor and confirmed that the company refused to pay the ransom, a decision aligned with guidance from Canadian cybersecurity authorities and law enforcement agencies.
Data Compromised
The scope of the stolen data is extensive and includes:
- Full names and residential addresses
- Social Insurance Numbers (SINs)
- Driver's licence numbers
- Bank account details used for payment
- Billing history and payment records
- Power consumption data and usage patterns
The combination of SINs with bank account details makes this breach particularly dangerous, as it provides threat actors with sufficient information to commit financial fraud and identity theft on a significant scale.
Nova Scotia Power's Response
In the wake of the attack, Nova Scotia Power responded as follows:
- Refused to pay the ransom demand
- Engaged external cybersecurity forensic investigators
- Notified the Office of the Privacy Commissioner of Canada
- Offered two years of complimentary credit monitoring to all affected customers
- Acknowledged that customer care services were disrupted for several weeks during recovery
The Nova Scotia Utility and Review Board has launched a regulatory inquiry into the incident to assess the utility's cybersecurity preparedness and determine whether additional oversight measures are required for critical infrastructure providers in the province.
What Affected Customers Should Do
If you are a Nova Scotia Power customer, CyberSafe recommends taking these steps immediately:
- Enroll in the free credit monitoring program offered by Nova Scotia Power
- Place fraud alerts with Equifax Canada and TransUnion Canada
- Monitor bank accounts linked to your utility payments for unauthorized transactions
- Request a replacement driver's licence from Service Nova Scotia
- Be alert for phishing emails or calls impersonating Nova Scotia Power
- Report any suspicious activity to the Canadian Anti-Fraud Centre at 1-888-495-8501
Lessons for Critical Infrastructure
This attack underscores the growing threat to Canadian critical infrastructure from state-linked ransomware groups. Energy utilities hold vast amounts of sensitive customer data and operate systems that are essential to public safety. A defence-in-depth approach, including network segmentation, endpoint detection and response (EDR), and regular tabletop exercises, is essential.