Nova Scotia Power hit by major data breach, compromising customer personal information

Canadian electric utility provider Nova Scotia Power said it recently suffered a significant data security incident that compromised the sensitive personal information of its customers.

 

Headquartered in Halifax, Canada, Nova Scotia Power is the primary electricity provider in Nova Scotia province and caters to roughly 550,000 customers in the area. It is privately owned by Emera and regulated by the provincial government via the Nova Scotia Utility and Review Board.

 

In a data security incident notice published on its website on May 1, NSP and its parent company Emera, said that on April 25, it detected unusual activity in its internal network. The electricity provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to contain the incident, secured the affected systems and notified relevant law enforcement authorities about the same.

 

“While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorised third party,” NSP said.

 

While NSP is yet to share the nature of the incident or how much data was compromised, the company said that the incident did not disrupt any of its Canadian physical operations.

 

“There remains no disruption to any of our Canadian physical operations, including at Nova Scotia Power’s generation, transmission and distribution facilities, the Maritime Link or the Brunswick Pipeline, and the incident has not impacted the utility’s ability to safely and reliably serve customers in Nova Scotia. There has been no impact to Emera’s U.S. or Caribbean utilities,” NSP added.

 

The incident, however, affected NSP’s billing and its online customer portal MyAccount and the company will rectify any potential for duplicate payments.

 

NSP has assured its customers to share more details about the incident as the investigation progresses. 

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on NSP. The electricity provider also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.