Cyber Incident Updates

A dedicated team within Nova Scotia Power, along with third-party cybersecurity experts, are continuing the investigation into the recent ransomware attack that has impacted our customers and our company. Today, we are providing an update on the recent cyber incident and impacts to the personal data of former customers. We are also announcing an expansion of credit monitoring.

Beginning today, we will be offering five years of free credit monitoring to all customers of Nova Scotia Power—past and present—regardless of whether you received a letter from us about the incident. Customers will not pay for any costs incurred by Nova Scotia Power for credit monitoring resulting from this incident.

We have determined through our investigation that the personal information of former customers was also accessed on or around March 19, 2025, and later taken by an unauthorized third-party, in addition to the personal information of the current customers to whom notifications have already been sent.

We are working to determine the full scope of data that may be impacted but we cannot rule out the possibility that some or all of the following personal information has been impacted: name, phone number, email address, mailing and service addresses, Nova Scotia Power program participation information, date of birth, and customer account history (such as power consumption, service requests, customer payment, billing and credit history, and customer correspondence), and driver’s license number. For some of our former customers, bank account numbers (for pre-authorized payment) and Social Insurance Numbers may also have been impacted.

We intend to do everything we can to support current and former customers, which includes expanded access to credit monitoring.

Those who want to sign up for the credit monitoring service can click here to validate and secure a unique code for the service. Anyone who has already signed up for credit monitoring will automatically be extended to five years.

We are focused on supporting our customers. We are here for regular business from 8 AM–6 PM, Monday through Friday. Please contact us at 1-800-428-6230.

To make it easier to help all customers through the sign-up process, tips on registering for credit monitoring can be found here and will be included in upcoming bills, as well as available in locations throughout the province. This includes information on additional steps customers can take to protect themselves from identity theft. We are also deploying employee volunteers to communities across the province to provide hands-on support for customers who prefer assistance in person.

We encourage customers to remain vigilant and cautious about any unsolicited communications (such as emails, text messages, social posts, or phone calls), including messages that appear to be from Nova Scotia Power asking you to provide your personal information. Please avoid clicking on suspicious links or downloading attachments without confirming they are from a legitimate source.

We have heard concerns about SINs, which we historically collected for customer authentication purposes. We are committed to permanently deleting all instances of SINs from our systems as soon as our investigation allows.

Nova Scotia Power is continuing to take steps to fully understand what happened in this matter and to prevent a recurrence of this issue.  Additionally, we are fully cooperating with the Office of the Privacy Commissioner of Canada and the Nova Scotia Energy Board, which have both announced investigations into this incident.

We recognize that this incident may have shaken the confidence of some of our customers. We are working hard to do everything we can to regain your confidence.

While recognizing that the investigation and response efforts remain ongoing, we have committed to be as open and transparent as possible. This meeting today is a part of that transparency.

Opening remarks by Peter Gregg, President & CEO

On behalf of our entire team at Nova Scotia Power, thank you for the invitation to attend today’s committee meeting. Cybersecurity is a critical issue facing private, public, and government organizations right now and we all need to work together to protect the security of Nova Scotians. I am here today with two colleagues, Chris Lanteigne, Nova Scotia Power’s Director of Customer Care, and Chris Heck, the Chief Digital Officer from our parent company, Emera. We appreciate the opportunity to discuss this issue with you today and how we can get stronger together as we move forward.

I would like to begin with reiterating our sincere apologies to all our customers that they have been impacted by this cyber incident. We understand it is very concerning and we’re working hard to address customer issues and to continue to strengthen our systems as we work to restore and rebuild.

As we begin, it’s important to remind people of the sensitivity of the incident and the fact that it is ongoing. This was a sophisticated attack on Nova Scotia Power and our customers by a criminal who has stolen data from our systems. We are committed to being as open and transparent as possible, as we have been since the beginning of the incident—our investigation and response efforts remain ongoing.

Maintaining the integrity of the active investigation, under the careful guidance of leading cybersecurity experts, is essential. We have also notified and sought input from law enforcement.

The privacy commissioner of Canada stated last week that: “Data breaches have surged over the past decade, and this incident highlights the growing risks of cyberattacks for all organizations.”

Despite this reality, we know that to our customers, Nova Scotia Power is not just any organization. We are a vital part of their every day lives and we take that responsibility very seriously. And we take cybersecurity very seriously and work every day to manage threats and continually evolving risks.

I want to assure the committee that before this attack we invested heavily in keeping our network and information secure. We implement measures and controls designed to align with the National Institute of Standards and Technology and the North American Electric Reliability Corporation (NERC), organizations that set standards for electric utilities across North America. However, as we know, the cyber criminals are getting more and more sophisticated and we continue to focus our efforts and make investments to address these growing threats.

No payment has been made to the criminal. This reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance. It was illegal to make a payment.

Immediately after detecting unusual activity on our network on April 25, we activated our existing cyber incident response and business continuity protocols. These included engaging leading third-party cybersecurity experts and taking swift actions to contain and isolate the affected systems to prevent further intrusion. Our cybersecurity program ensured that our operations systems and electric grid continue to perform as usual.

As you know, the criminals stole data, which unfortunately includes the personal data of customers. We’ve sent notifications to those impacted existing account holders and encouraged them to sign up for free credit monitoring service and are continuing to investigate the full scope of the impact of the data. And this investigation is complex, extremely detailed, and will take time.

I am also encouraging all impacted customers to sign up for complimentary credit monitoring and identity protection services. We have updated our website to include tips on some of the common issues customers have had in signing up.

Additionally, for anyone experiencing challenges, we will start providing in-person support in various communities across the province starting later this week to assist our customers. Signing up online remains the best path for customers, but we plan to provide some in-person support for those who are less comfortable with the online process or have questions. More details will be communicated in the coming days.

I want to assure you that we are cooperating at all levels on the investigation of this criminal attack. As you are aware, formal investigations of the incident have been initiated by both the Nova Scotia Energy Board and the Office of the Privacy Commissioner of Canada. Nova Scotia Power will fully cooperate with both of these proceedings.

You have my commitment that our team is focused on the continued investigation of our restoration efforts. We will continue to be open and transparent as we move through this process. We know that our customers feel we have let them down and we are doing everything we can to support them. We thank all our customers for their patience as we continue to work through this very difficult and active situation.

Thank you. We look forward to the discussion.

Peter Gregg, President & CEO, Nova Scotia Power

We wanted to provide an update on Nova Scotia Power's ongoing cyber incident. Today, we are confirming we have been the victim of a sophisticated ransomware attack.

Since the incident began several weeks ago, Nova Scotia Power has been actively working with the assistance of third-party cyber security experts to restore our systems safely and investigate the incident. We have also been working to further strengthen our systems and add additional security protections.

No payment has been made to the threat actor. This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance.

We have learned that the threat actor has published data that was stolen from our systems. We are actively working with cybersecurity experts to assess the nature and scope of the information that may have been impacted.

Notifications have been mailed to impacted account holders, which include detailed information about resources and support. Arrangements have been made with the consumer reporting agency, TransUnion, to provide impacted individuals with a two-year subscription to a comprehensive credit monitoring service (TransUnion myTrueIdentity®) at no cost.

We encourage customers who receive a notification to enroll in the TransUnion credit monitoring service and otherwise remain vigilant and cautious about any unsolicited communications (such as emails, text messages, social posts, or phone calls), including messages that appear to be from Nova Scotia Power asking you to provide your personal information. Please avoid clicking on suspicious links or downloading attachments without confirming they are from a legitimate source.

We remain sincerely sorry that this issue has occurred. Protecting the privacy and security of information held by Nova Scotia Power is something we take very seriously.

Nova Scotia Power continues to investigate a cyber incident that has impacted certain IT systems in our network. We are working with external cybersecurity experts to determine the scope of the impact and safely and securely restore and rebuild our impacted systems.

While the investigation remains ongoing, we have determined that on or around March 19, 2025, certain customer information stored on the impacted servers was accessed and later taken by an unauthorized third party.

Notifications are in the process of being mailed to impacted account holders, which includes detailed information about resources and support. While we have no evidence of misuse of your personal information, as a precaution, arrangements have been made with the consumer reporting agency, TransUnion, to provide impacted individuals with a two-year subscription to a comprehensive credit monitoring service (TransUnion myTrueIdentity®) at no cost.

The types of impacted personal information varied by individual customer and depended, in part, on the information provided by each customer. This may have included one or more of the following: name, phone number, email address, mailing and service addresses, Nova Scotia Power program participation information, date of birth, and customer account history (such as power consumption, service requests, customer payment, billing, and credit history, and customer correspondence), driver’s license number, and Social Insurance Number. For some of our customers, bank account numbers (for pre-authorized payment) may also have been impacted, if this information was provided by these customers.

We encourage customers to remain vigilant and cautious about any unsolicited communications (such as emails, text messages, social posts, or phone calls), including messages that appear to be from Nova Scotia Power asking you to provide your personal information. Please avoid clicking on suspicious links or downloading attachments without confirming they are from a legitimate source.

Any customer who receives a letter in the mail from Nova Scotia Power will be provided with a phone number to call with any questions and to activate their two year subscription for credit monitoring.

Nova Scotia Power is providing important information about the recent cyber incident affecting our company. 

On April 25, we detected unusual activity on our network and immediately initiated our incident response plan. This included taking steps to contain the incident, launching a thorough investigation with the help of external cybersecurity experts, and working to restore affected systems safely and securely. We have also notified law enforcement.

While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorized third party.

Rest assured, we are treating this situation very seriously. The security of your information is our top priority. We are working urgently to determine the full nature and scope of the data that may have been affected, and individuals impacted.

If we determine that your data was affected, we will send you notice with further details including about the affected information, along with resources and support.

We encourage you to remain vigilant and cautious about any unsolicited communications (such as emails, text, social posts, or phone calls) that appear to be from Nova Scotia Power asking you to provide your personal information. Please avoid clicking on suspicious links or downloading attachments without confirming they are from a legitimate source. 

We are committed to providing further updates as our investigation progresses. Our team asks for your patience as we work to understand the specific details of this unfortunate cyber incident.

There remains no disruption to Nova Scotia Power’s generation, transmission, and distribution facilities, and the incident has not impacted on our ability to safely and reliably serve customers in Nova Scotia.

We appreciate your patience and trust as we work to address this situation.

Emera Inc. and Nova Scotia Power today announced on April 25, 2025 they discovered and are actively responding to a cybersecurity incident involving unauthorized access into certain parts of its Canadian network and servers supporting portions of its business applications.

Immediately following detection of the external threat, the companies activated their incident response and business continuity protocols, engaged leading third-party cybersecurity experts, and took actions to contain and isolate the affected servers and prevent further intrusion. Law enforcement officials have been notified.

There remains no disruption to any of our Canadian physical operations, including at Nova Scotia Power’s generation, transmission and distribution facilities, the Maritime Link or the Brunswick Pipeline, and the incident has not impacted the utility’s ability to safely and reliably serve customers in Nova Scotia. There has been no impact to Emera’s U.S. or Caribbean utilities.

Emera will release its Q1 Financial Statements and Management Disclosure and Analysis on May 8, 2025, as planned. At this time, the incident is not expected to have a material impact on the financial performance of the business.

Our IT team is working diligently with cyber security experts to bring the affected portions of our IT system back online.