Nova Scotia Power confirms ransomware attack, no ransom paid

Canadian electric utility provider Nova Scotia Power revealed that it has been dealing with a ransomware attack that compromised the sensitive personal information of almost 280,000 customers.

 

In a data security incident notice published on its website on May 1, NSP and its parent company Emera, said that on April 25, it detected unusual activity in its internal network. The electricity provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorised third party,” NSP said.

 

In a separate update published on May 14, NSP said that threat actors breached its internal network on March 19 and stole customer data.

 

The compromised data included names, phone numbers, email addresses, mailing and service addresses, Nova Scotia Power program participation information, dates of birth, customer account history including  power consumption details, service requests, customer payments, billing information,  credit history, driver’s license numbers, Social Insurance Numbers, and customers’ bank account numbers for pre-authorised payment.

 

While the nature of the data security incident wasn’t initially disclosed by the company, in a recent update on May 23, NSP said it has been dealing with a “sophisticated ransomware attack” that compromised the sensitive personal information of around 280,000 customers.

 

“We have learned that the threat actor has published data that was stolen from our systems. We are actively working with cybersecurity experts to assess the nature and scope of the information that may have been impacted.

 

“No payment has been made to the threat actor. This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance,” the company said.

 

NSP has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered two years of complimentary identity protection and credit monitoring services through TransUnion to all affected individuals.