Stolen information has been published as part of the Nova Scotia Power cybersecurity attack.
According to reports, 280,000 customers were affected.
In an update on the March incident, they are classifying it as a ‘ransomware attack.’
No payment has been made to the threat actor on advice from law enforcement.
The company says they’ve been working with third-party experts to restore and strengthen their systems.
“We are actively working with cybersecurity experts to assess the nature and scope of the information that may have been impacted,” the utility wrote in a news release.
Nova Scotia Power is offering free credit monitoring to those impacted, and are asking everyone to be vigilant of scam calls, emails or texts.
Letters sent to impacted customers
Customers should also start getting letters warning them that their data was on the hacked servers.
Customers started receiving letters a earlier this week from NS Power, warning them that some of their information was accessed by ransomware attackers. Pictured on May 23, 2025 (Submitted)
The stolen information is different for each customer and could have included one or more of the following:
- name
- date of birth
- phone number
- email address
- credit history
- bank account information (for customers with preauthorized payments)
- customer account history, which could includes power consumption, service requests, customer payment, billing and customer correspondence
- driver’s license number
- mailing and service addresses
- Nova Scotia Power program participation information
However, NS Power does not say in the letter whether that customer’s data was published online.
They say they “have no evidence of misuse of your personal information,” but as a precaution you can set up a free two-year subscription to a credit monitoring service with TransUnion, called myTrueIdentity.
The letters also include a code, which expires Sept. 30, 2025, for customers to enter to activate the service, along with a list of the included features. Most of it relates to credit monitoring and management.
But it also includes professionals who can help with identity theft, who can help restore your identity if its stolen. The service also comes with up to $1 million of expense reimbursement insurance.
The service will also monitor the dark web, including “surface, social, deep, and dark websites for potentially exposed personal, identity and financial information.”
As an update on the ongoing cybersecurity incident, we are confirming that we have been the victim of a sophisticated ransomware attack. We have also learned that the threat actor has published data that was stolen from our systems. 1/4 pic.twitter.com/I9wtZScbLB
— Nova Scotia Power (@nspowerinc) May 23, 2025
