Nova Scotia Power confirms hackers stole customer data in cyberattack
Nova Scotia Power confirms it suffered a data breach after threat actors stole sensitive customer data in a cybersecurity incident discovered last month.
Nova Scotia Power, a subsidiary of Emera Inc., is a significant utility in Canada. It serves over 500,000 residential, commercial, and industrial customers in Nova Scotia, holding 95% of the market share.
It generates over 10,000 GWh of energy annually, distributed through an extensive network of power lines extending for 32,000 kilometers (20,000 miles).
On April 28, 2025, the company announced that it had discovered unauthorized access to certain parts of its network and to servers supporting its business.
Although there was no impact on the company’s electricity production and distribution, the incident response efforts disrupted internal operations.
Further investigations revealed on May 1, 2025, that customer information might have been stolen. An update published yesterday confirmed this previous finding, specifying that the following data was exposed:
- Full name
- Phone number
- Email address
- Mailing and service addresses
- Nova Scotia Power program participation information
- Date of birth
- Customer account history (power consumption, service requests, customer payment, billing, credit history, and customer correspondence)
- Driver’s license number
- Social Insurance Number
- Bank account numbers (for some customers)
The company also found that the actual breach occurred earlier than initially believed, on March 19, 2025, which means that nearly two months had passed by the time affected customers were informed via notices mailed to their addresses.
Nova Scotia Power says there are no signs the stolen data has been misused, but it will provide two years of credit monitoring service coverage to letter recipients to mitigate the risks.
“Notifications are in the process of being mailed to impacted account holders, which includes detailed information about resources and support,” reads the incident status update.
“While we have no evidence of misuse of your personal information, as a precaution, arrangements have been made with the consumer reporting agency, TransUnion, to provide impacted individuals with a two-year subscription to a comprehensive credit monitoring service at no cost.”
Customers of Nova Scotia Power are advised to remain vigilant for phishing attempts, including cases of threat actors impersonating the utility to trick people into giving away sensitive data.
At the time of writing, no ransomware gangs have assumed responsibility for the attack at Nova Scotia Power.