Nova Scotia Power has officially acknowledged falling prey to a ransomware attack that has affected around 280,000 customers, resulting in the exposure of sensitive personal and financial information. In a statement released on Friday, the utility company outlined the serious implications of this cyber incident, stating that it was unable to comply with the ransom demands posed by the attackers.
The attack was detected on April 25, 2025, when Nova Scotia Power's IT security team noticed unauthorized access to specific segments of their network systems. However, a subsequent forensic investigation revealed that the initial breach had occurred earlier, around March 19, 2025. This allowed the attackers nearly five weeks of unmonitored access to sensitive data.
"This incident exemplifies a classic case of double extortion ransomware, where not only are systems encrypted, but sensitive data is also stolen in order to increase pressure on the victim," said cybersecurity analyst Dr. Emily Chen. Such tactics have become alarmingly common in recent years.
"This incident exemplifies a classic case of double extortion ransomware, where not only are systems encrypted, but sensitive data is also stolen in order to increase pressure on the victim,"
The prolonged access facilitated thorough reconnaissance by the attackers, providing them with ample opportunity to gather and exfiltrate valuable data before launching their encryption efforts. Security experts noted that modern ransomware often employs advanced encryption methods such as AES-256 alongside RSA public-key cryptography, rendering files inaccessible without possession of the unique decryption keys held by the criminals.
By the Numbers
By the Numbers
By the Numbers
The range of information compromised in this breach is extensive and concerning. It includes personally identifiable information (PII), which consists of customer names, birthdates, phone numbers, email addresses, service locations, and account histories. Even more alarming is the exposure of sensitive financial data, which includes Social Insurance Numbers, driver’s license numbers, and bank account details for those enrolled in pre-authorized payment services.
"Our investigation confirmed that the attackers employed sophisticated techniques to maneuver laterally within our network, leading them to high-value data repositories," stated Steven Roberts, the Chief Information Security Officer at Nova Scotia Power. This suggests that the attackers may have exploited common vulnerabilities or employed tactics such as phishing attacks and credential stuffing.
"Our investigation confirmed that the attackers employed sophisticated techniques to maneuver laterally within our network, leading them to high-value data repositories,"
The nature of the attack strongly implies the possibility of involvement from a well-organized ransomware-as-a-service (RaaS) operation, a chilling evolution in the tactics used by cybercriminals. The structured approach to data exfiltration employed by the attackers raises red flags about the overall cybersecurity posture not just of Nova Scotia Power, but also other utilities and enterprises relying on equally vulnerable infrastructure.
"It’s crucial for companies to remain vigilant against such sophisticated cyber threats, especially in sectors that handle sensitive customer data," urged cybersecurity expert Dr. Samuel Jenkins. He emphasized the need for proactive measures and robust security frameworks to help mitigate such risks.
"It’s crucial for companies to remain vigilant against such sophisticated cyber threats, especially in sectors that handle sensitive customer data,"
Despite the severe implications of the breach, Nova Scotia Power has firmly stated that no ransom was paid, as per their policy aimed at not encouraging further attacks. "We remain committed to not negotiating with criminals, as capitulation only fuels the ongoing cycle of cybercrime," said Roberts.
"We remain committed to not negotiating with criminals, as capitulation only fuels the ongoing cycle of cybercrime,"
As Nova Scotia Power navigates the ramifications of this breach, it underscores the critical need for enhanced cybersecurity awareness among both individuals and organizations. With hackers increasingly targeting utility companies and public services, the potential fallout from such incidents can have far-reaching effects.
Looking Ahead
Looking Ahead
The outlook for Nova Scotia Power will depend on how effectively it can address the vulnerabilities laid bare by this attack while restoring customer trust. Continuous monitoring, rigorous security assessments, and employee training will be vital in preventing future cybersecurity incidents. Furthermore, as the utility company works to secure its networks, customers now find themselves confronted with the challenge of safeguarding their personal information in an ever-evolving digital landscape.
