Nova Scotia Power has confirmed it was the victim of a ransomware attack, weeks after initially alerting customers to a cybersecurity breach. The utility, owned by Emera Inc., revealed that the attack resulted in a data breach impacting approximately 280,000 customers—but emphasized it has not paid the ransom demanded by the attackers.
The Nova Scotia cyberattack, which began around March 19, 2025, was first made public on April 28. Since then, the utility has issued a series of updates to keep the public informed as its investigation unfolded. In its most recent statement on May 23, Nova Scotia Power confirmed the nature of the incident, stating, “We are confirming we have been the victim of a sophisticated ransomware attack.”
A Timeline of the Nova Scotia Cyberattack
On April 25, the company detected unusual activity within its network, prompting the activation of its incident response protocols. Immediate steps were taken to contain the situation and to bring in external cybersecurity experts to help assess the breach. Law enforcement was also notified.
By May 1, the company admitted that certain customer information had been accessed by an unauthorized third party. While the full scope was still under review at that point, Nova Scotia Power began preparing notifications for those affected.
On May 14, the company provided an update on the Nova Scotia data breach, confirming that hackers had stolen a range of customer data. The exposed information includes names, dates of birth, email addresses, phone numbers, mailing and service addresses, customer account histories, power consumption details, service requests, payment and billing histories, and credit histories.
More sensitive data, such as driver’s license numbers, Social Insurance Numbers (SIN), and bank account details (for those using pre-authorized payments), were also compromised.
Ransom Not Paid
Despite the severity of the attack, the company has stood firm on one key point: no payment has been made to the attackers. “This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance,” the company said in its May 23 statement. The firm continues to work with cybersecurity experts to determine the full extent of the breach and to evaluate the nature of the stolen data, which has now been published online by the attackers.
To help mitigate potential harm, Nova Scotia Power has partnered with consumer credit reporting agency TransUnion to offer a two-year subscription to its credit monitoring service, myTrueIdentity, free of charge to those affected. Notification letters have been mailed to impacted individuals, containing instructions on how to enroll in the service and tips for protecting personal information.
The company has urged customers to remain vigilant. “Please be cautious about unsolicited communications, especially messages that appear to come from Nova Scotia Power requesting personal information,” officials advised. Customers are reminded not to click on suspicious links or download attachments from unverified sources.
Systems Restored, No Impact on Power Supply
Nova Scotia Power has assured the public that, despite the data breach in Nova Scotia, there has been no impact on electricity generation, transmission, or distribution systems. The utility continues to operate normally, with its critical infrastructure unaffected.
“There remains no disruption to Nova Scotia Power’s generation, transmission, and distribution facilities, and the incident has not impacted our ability to safely and reliably serve customers,” the company reiterated.
The parent company, Emera Inc., confirmed that the incident has not materially impacted its financial performance and is proceeding with its scheduled quarterly financial disclosure.
Conclusion
The organization continues to investigate the full scope of the cyberattack while working closely with cybersecurity experts to restore and strengthen its systems. With over 280,000 customers affected, the Nova Scotia data breach stands out as one of the most serious cyber incidents in recent Canadian history.
