The Nova Scotia Power cyber attack affected more than 900,000 customer profiles.
That’s according to the Office of the Privacy Commissioner of Canada, who investigated last spring’s breach.
The personal information of 340,000 current and 540,000 former customers was compromised.
The breach happened around March 19, 2025 when an employee clicked a pop-up link on a website, and malware was downloaded on the company’s systems.
The threat actor wasn’t discovered until April 25, the company notified the public three days later.
Nova Scotia Power has sent a compliance letter, committing to removing customer Social Insurance Numbers from profiles, and to conduct a comprehensive security assessment.
“I welcome this commitment by Nova Scotia Power to ensure stronger protections for the personal information of its customers,: said Philippe Dufresne, Privacy Commissioner of Canada.
“This privacy breach highlights the significant risks of cyberattacks to individuals and companies. Strong, proactive data protection, including robust safeguards, must be prioritized by all organizations in this evolving landscape.”
Nova Scotia Power President and CEO Vivek Sood says they recognize the impact the attack had on people who rely on them.
“We’ve learned a great deal from this incident and have taken steps to further enhance our cybersecurity and data governance practices to protect against this kind of criminal activity. We are committed to implementing all recommendations to protect our customers and our employees,” said Sood.
Comments