Nova Scotia’s largest electric utility, Nova Scotia Power, has confirmed that customer information was stolen in a recent cyberattack that compromised parts of its IT systems. The company, along with its Halifax-based parent firm Emera, discovered the Nova Scotia Power data breach on April 25, 2025, prompting immediate action to isolate and secure the affected servers.
In an official update shared on Wednesday, Nova Scotia Power revealed that the cyber incident had resulted in unauthorized access to sensitive customer information. According to their investigation, the Nova Scotia Power cyberattack occurred on or around March 19, 2025, nearly five weeks before it was detected.
Nova Scotia Power Data Breach: Investigation and Response Underway
Nova Scotia Power stated it is working closely with external cybersecurity experts to assess the extent of the data breach and to restore and rebuild impacted systems.
“We are continuing to investigate the cyber incident that has affected certain IT systems in our network,” the company said in its public communication. “Our priority is to safely and securely restore operations while protecting customer information.”
Though the investigation is still ongoing, Nova Scotia Power has confirmed that an unauthorized third party accessed and stole certain customer data from the affected servers. Physical operations—such as power generation, distribution, and transmission—were not impacted, and customers are still receiving uninterrupted electric service.
Types of Data Compromised
The stolen information varies by individual and is based on what each customer had previously provided to the company. The affected data may include:
-
Full name
-
Phone number
-
Email address
-
Mailing and service addresses
-
Participation in Nova Scotia Power programs
-
Date of birth
-
Customer account history (including power consumption, service requests, payment and billing records, credit history, and past customer support communication)
-
Driver’s license number
-
Social Insurance Number (SIN)
-
Bank account numbers (for those enrolled in pre-authorized payments)
While there is currently no evidence that the stolen information has been misused, the company is urging customers to remain alert for potential fraud or scams that may follow.
Support for Affected Customers
To support impacted individuals, Nova Scotia Power is offering a free two-year subscription to TransUnion’s myTrueIdentity® credit monitoring service. Affected customers will receive notification letters by mail with details about what information was exposed and how to activate the complimentary monitoring service.
“If you receive a letter from us, it will contain a dedicated phone number you can call to ask questions and enroll in the credit monitoring service,” the company said in its announcement. This service is intended to help individuals detect any suspicious activity tied to their identity or financial information.
Increase in Fraud Attempts
Since the incident, Nova Scotia Power has noticed a surge in fraudulent messages and phishing attempts that appear to come from the utility company. These include fake emails, text messages, social media posts, and websites impersonating Nova Scotia Power.
On its official website and social media, the company has issued a clear warning:
“Due to the recent cyber incident, there has been an increase in fraudulent communications posing as Nova Scotia Power. Please remain cautious of any unsolicited messages asking for your personal information. Do not click on links or download attachments from unverified sources.”
The company advises customers to confirm any suspicious communication by contacting their Customer Care Centre directly through verified contact details listed on their official website.
Social Media Update
Nova Scotia Power also used its official X (formerly Twitter) account to share updates. A thread posted on Wednesday reiterated the company’s apology and reassured customers that every effort is being made to protect their privacy.
“We sincerely apologize that this has occurred. Protecting the privacy and security of the information we hold is of the utmost importance to every member of our team,” the company stated. “Starting today, notifications will be sent to impacted individuals via mail. While we have no evidence of misuse of personal information, we have arranged for a two-year subscription to TransUnion’s myTrueIdentity® credit monitoring service at no cost.”
As part of its ongoing efforts, Nova Scotia Power’s IT team is working around the clock with external cybersecurity specialists to rebuild affected systems, improve security measures, and prevent future incidents.
The utility emphasized that safeguarding customer data remains a top priority. It encourages customers to practice good cyber hygiene by:
-
Verifying the source of any unexpected communication
-
Not sharing personal information over phone, text, or email unless certain of the recipient’s identity
-
Monitoring financial accounts for unusual activity
-
Activating the provided credit monitoring service if notified
What You Should Do
If you are a Nova Scotia Power customer and suspect your information may be involved:
-
Watch for a mailed letter from the company with detailed instructions.
-
Enroll in the free two-year credit monitoring service offered through TransUnion.
-
Report any suspicious communications claiming to be from Nova Scotia Power.
-
Contact Nova Scotia Power’s Customer Care Centre if you are unsure about the authenticity of a message.
While physical infrastructure was unaffected in Nova Scotia Power cyberattack, the exposure of personal customer data reveals how critical IT security has become in the utility sector.
As investigations continue, this cyberattack on Nova Scotia Power highlights the urgent need for stronger data protection practices, real-time dark web monitoring, and faster breach detection.
