Nova Scotia Power has confirmed it was the victim of a sophisticated ransomware attack that began several weeks ago, in which the “threat actor” published stolen data from the utility company’s systems.
Nova Scotia Power has been working with third-party cybersecurity experts to investigate the incident, which is ongoing, and restore its compromised systems and implement additional security protections, the release says.
Customer information including name, phone number, email address, mailing and services address, utility account information, driver’s licence number, social insurance number, and bank account number may have been compromised in the cyberattack.
“We are actively working with cybersecurity experts to assess the nature and scope of the information that may have been impacted,” Nova Scotia Power says.
Nova Scotia Power and its parent company, Emera Inc., first announced their discovery of the cybersecurity incident on April 25 after noticing “unauthorized” activity on their network.
The companies initiated their incident response “immediately following detection of the external threat” to contain and isolate the affected systems and prevent further attack, Nova Scotia Power said.
The utility company has mailed notifications to impacted customers and will provide them with a two-year subscription to a TransUnion credit monitoring service at no cost.
“We remain sincerely sorry that this issue has occurred,” Nova Scotia Power said. “Protecting the privacy and security of information held by Nova Scotia Power is something we take very seriously.”
Other Cyberattacks This Year
Several other Canadian institutions have been victims of cyberattacks across the country this year, including a school district in Kingston, Ont., that was attacked on Apr. 16, in which personal information records belonging to staff and students were accessed by hackers.Attacks on municipal governments across the country also occurred this year.
