Nova Scotia Power Confirms Ransomware Hackers Have Published Stolen Customer Data
Nova Scotia Power has officially confirmed that hackers involved in a March 2025 ransomware attack have now published the stolen personal data online. The utility company, which serves hundreds of thousands across the province, revealed the update in a news release on May 23. It said it has refused to pay the ransom and is working with cybersecurity experts to assess the damage.
What Happened?
Nova Scotia Power discovered a cybersecurity breach on April 25, but the investigation later revealed that hackers had accessed and stolen data as early as March 19. The company began sending letters this week to about 280,000 affected customers, confirming that an “unauthorized third party” accessed sensitive personal data from its Canadian servers.
What Data Was Stolen?
The letters detail a broad range of exposed data, including:
- Full names
- Phone numbers and email addresses
- Mailing addresses
- Dates of birth
- Driver’s licence numbers
- Social insurance numbers
- Bank account information
- Account history and possibly credit histories
Scammers can easily use this kind of data for identity theft, fraud, and other scams.
Company Response and Support
Nova Scotia Power says it has not paid the hackers due to legal restrictions and law enforcement guidance. Instead, they are offering customers two years of free credit monitoring via TransUnion.
Advertisement
They also warn customers to be extra cautious of scam emails, texts, social media messages, or phone calls pretending to be from the company. Nova Scotia Power is currently upgrading its systems and adding new cybersecurity measures to prevent future breaches.
Expert Criticism: “Two Years Is Not Enough”
Cybersecurity expert Claudiu Popa, CEO of Data Risk Canada, says the response from Nova Scotia Power falls short. He believes the company should take more accountability and directly tell each customer what data the breach compromised.
Popa also criticized the two-year credit monitoring offer as “entirely insufficient,” warning that identity theft threats can last far longer.
“There are an infinite number of scenarios where this data could be used to victimize someone,” he said. These include fraudulent mortgage applications, new bank accounts, or illegal purchases.
Advertisement
He recommends that affected individuals file a complaint with the Office of the Privacy Commissioner of Canada to ensure an independent investigation takes place.
What Should Customers Do Now?
- Monitor financial accounts closely for unusual activity
- Be cautious of unsolicited messages asking for personal info
- Use credit monitoring tools and consider placing fraud alerts
- You can file a privacy complaint if you’re concerned about how the company handled the breach.
Nova Scotia Power says it is “sincerely sorry” for the breach and promises to strengthen its systems.
What’s your take on Nova Scotia Power’s response to the ransomware attack—do you think they did enough?
More…
- https://halifax.citynews.ca/2025/05/23/n-s-power-says-hackers-have-published-stolen-data-from-ransomware-attack
- https://www.ctvnews.ca/atlantic/nova-scotia/article/nova-scotia-power-says-it-was-victim-of-sophisticated-ransomware-attack
- https://www.cbc.ca/player/play/video/9.6771315
Advertisement
