Saturday, May 24, 2025
Latest:
The Register

Ransomware scum leaked Nova Scotia Power customers’ info

TH Author

Nova Scotia Power on Friday confirmed it had been hit by a ransomware attack that began earlier this spring and disrupted certain IT systems, and admitted the crooks leaked data belonging to about 280,000 customers online. The stolen info may have included billing details and, for those on autopay, bank account numbers.

Ransomware criminals are increasingly targeting utilities and other critical infrastructure, and often focus on the systems between core IT and operations, where defenses are weaker and utilities are more likely to pay. But in this case, the power company says it kept its wallet shut.

Nova Scotia Power and its parent company Emera first discovered the breach on April 25, describing it as “a cybersecurity incident involving unauthorized access into certain parts of its Canadian network and servers supporting portions of its business applications.” They later determined that the attack began around March 19. Operations were not affected, but the power slinger nonetheless called in an outside cybersecurity firm to investigate.

By May 1, the investigation had found that an unauthorized party accessed and exfiltrated some customer data.

Last week, the Canadian province’s largest electricity generator revealed that this may have included people’s names, phone numbers, email addresses, mailing and service addresses, Nova Scotia Power program participation information, date of birth, customer account history (such as power consumption, service requests, customer payment, billing, credit history, and customer correspondence), driver’s license numbers, social insurance numbers, and, for some customers who signed up for autopayments, bank account numbers.

In a Friday update, Nova Scotia Power confirmed that the attack involved ransomware, and said it did not pay a ransom to the extortionists. “This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance,” according to the notice posted on the utility’s website.

It also warned about 280,000 of its 500,000 customers that some of their information had been leaked online, the company told El Reg./p>

“We are actively working with cybersecurity experts to assess the nature and scope of the information that may have been impacted,” according to the Friday update

It doesn’t appear any ransomware group has claimed the attack for now. 

Nova Scotia Power did not answer our other questions, including how the crooks got in, nor when it expects to restore all of its IT systems. Its billing and payment systems, MyAccount customer portal, and online outage reporting service remain offline.

All affected customers will receive a free two-year subscription to the TransUnion credit monitoring service.

The biz’s website also warns customers that, following the ransomware attack, there has been an uptick in fake phone, text, social media posts, and websites posing as the power company: “We encourage you to remain vigilant and cautious about any unsolicited communications that appear to be from Nova Scotia Power asking you to provide your personal information.” ®

READ MORE HERE