Search

Nova Scotia Power Cyberbreach Affected More Than 900,000 Current and Former Customers

Cyber threats and incidents
By Evan Rowe
Credit: Nova Scotia Power

Related

Founders, Analysts & Industry Voices

Female Cybersecurity Leaders to Watch in Oregon

Oregon’s cybersecurity leadership bench reflects a mix of enterprise...
Read more
Founders, Analysts & Industry Voices

Female Cybersecurity Leaders to Watch in Missouri

Missouri’s cybersecurity leadership bench reflects a mix of higher...
Read more
Cyber threats and incidents

Female Cybersecurity Leaders to Watch in Indiana

Indiana’s cybersecurity leadership bench reflects a mix of enterprise...
Read more
Founders, Analysts & Industry Voices

Female Cybersecurity Leaders to Watch in Utah

Utah’s cybersecurity leadership bench reflects a mix of enterprise...
Read more
Cyber threats and incidents

Ransomware Attack Disrupts Operations at Spain’s Port of Vigo

What happened A ransomware attack disrupting operations at Spain’s Port...
Read more

Share

What happened

A Nova Scotia Power cyberbreach affected more than 900,000 current and former customers, prompting new commitments on data deletion and external security review. The Office of the Privacy Commissioner of Canada said Nova Scotia Power pledged to delete all customer social insurance numbers from its systems by the end of the month and submit an external security assessment by Oct. 31. The commissioner said the breach began after a Nova Scotia Power employee clicked a link in a pop-up on a website compromised by SocGholish malware on or around March 19, 2025. The malware gave a threat actor access to the network. Between April 8 and 22, the actor deployed additional malware and exfiltrated data from network files and cloud storage. On April 25, the actor destroyed backups and deployed malware.   

Who is affected

The direct exposure affects roughly 375,000 current customers and 540,000 former customers of Nova Scotia Power. Potentially compromised personal information included names, phone numbers, email addresses, driver’s licence numbers, birth dates, and social insurance numbers.   

Why CISOs should care

This incident has immediate operational and governance relevance because it combined employee-driven initial access, data exfiltration, backup destruction, and internal system disruption. It also triggered regulatory scrutiny, external assessment commitments, and service issues that affected billing operations even though energy generation and delivery were not disrupted.   

3 practical actions

  1. Remove obsolete sensitive data: Eliminate retained high-risk identifiers that no longer serve an active business purpose, as Nova Scotia Power has now committed to do with customer social insurance numbers.   
  2. Validate backup resilience under attack: Test whether backups can withstand destructive attacker activity, since the threat actor in this incident destroyed backups before malware deployment. 
  3. Treat notification readiness as a control: Review breach notification processes and decision-making because the external assessment will specifically examine the effectiveness of how affected people were notified. 

For more coverage of major security incidents affecting organizations worldwide, explore our reporting on Data Breaches.

Previous article
Ajax Data Leak Exposed Fan Records and Put Ticketing, Stadium Ban Systems at Risk
Next article
Hackers Claim 500GB Namibia Airports Company Data Breach
Founders, Analysts & Industry Voices

Female Cybersecurity Leaders to Watch in Oregon

Oregon’s cybersecurity leadership bench reflects a mix of enterprise...
Founders, Analysts & Industry Voices

Female Cybersecurity Leaders to Watch in Missouri

Missouri’s cybersecurity leadership bench reflects a mix of higher...

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.