During Nova Scotia Power successfully maintained electrical service throughout a sophisticated ransomware attack, the province’s primary utility announced on April 28, 2025, that cybercriminals had compromised sensitive data belonging to approximately 280,000 customers. The incident, which began around March 19, represents a significant breach of critical infrastructure security, although power delivery operations remained unaffected.
The attackers employed sophisticated ransomware techniques to bypass security measures, targeting IT systems supporting business applications as they left operational technology intact. They encrypted critical systems and exfiltrated extensive customer data before making ransom demands, which the company refused based on legal and strategic guidance discouraging payments to cybercriminals. Zero-day exploits may have been used to penetrate the utility’s defenses, highlighting the evolving nature of cyber threats.
Cybercriminals used sophisticated ransomware to target business IT systems while avoiding operational technology, encrypting data and demanding payment the utility refused.
Compromised information included names, dates of birth, email addresses, phone numbers, mailing addresses, and service locations. More sensitive data encompassed customer account histories, service requests, power usage patterns, payment records, billing histories, and program participation details. Driver’s license numbers, social insurance numbers, and bank account information for autopay customers were likewise exposed.
Detection occurred on April 25, when unusual activity triggered immediate incident response protocols. Nova Scotia Power engaged forensic cybersecurity experts and law enforcement for investigation and remediation efforts. By May 1, the company confirmed unauthorized access and data exfiltration had occurred, with public updates issued on May 14 and May 23 detailing the attack’s scope.
Following the utility’s refusal to pay ransom, attackers published stolen data on the dark web, escalating the threat to affected customers. Nova Scotia Power has offered credit monitoring and identity protection services to those impacted, as customers face ongoing risks of fraud, identity theft, and financial scams. The company partnered with TransUnion to provide two-year free credit monitoring to affected customers.
The incident highlights growing vulnerabilities within critical infrastructure as energy providers increasingly become targets because of their potential for high-impact disruption and large customer databases. Cybersecurity expert Claudiu Popa from Datarisk Canada has criticized Nova Scotia Power’s lack of transparency regarding details of the breach and its impact on customers. Cybersecurity experts warn that utilities represent attractive targets for ransomware groups and nation-state actors seeking to exploit weak points between core IT systems and business operations.
The attack illustrates urgent needs for improved cybersecurity measures across the utilities sector, as similar infrastructure operators may face comparable threats.
