In recent years, we’ve seen alarming examples of cyber incidents that have disrupted vital sectors like healthcare and business operations. Ransomware attacks have crippled hospitals, forcing them to suspend emergency services and, tragically, resulting in the deaths of patients. Similarly, various businesses have had to shut down permanently due to the crippling effects of malware. Now, a new and concerning development highlights the risks posed by ransomware attacks on critical infrastructure—this time, targeting a power services provider.
Nova Scotia Power, a major Canadian energy firm, is the latest victim of a cyberattack, and the consequences have been severe. The company has been unable to take meter readings from its utility meters due to file-encrypting ransomware, putting its operations and financial systems in jeopardy. As a result, Nova Scotia Power has been forced to rely on estimated bills based on previous consumption to send out monthly power utility charges to its customers, a temporary solution that raises both practical and financial concerns.
The Attack: A Digital Heist
The ransomware incident, which occurred on April 25, 2025, has paralyzed the company’s computer network, hindering normal operations. The hackers behind this attack deployed malware that not only encrypted critical files but also stole a wealth of sensitive data. Among the compromised information were personal details of customers, including:
- Driving license numbers
- Social insurance numbers (SIN) of Canadian citizens
- Full names, email addresses, and physical addresses
- Billing and credit history information
In addition to this, a portion of the stolen data included highly sensitive financial information, such as bank account details—making this breach particularly concerning.
The Breach: Scale and Response
On June 6, 2025, Nova Scotia Power made a public statement revealing that around 280,000 customer accounts were impacted by the cyberattack. This massive data theft raises serious concerns about identity theft and financial fraud, as the information in the hands of cybercriminals could easily be sold on the dark web.
Interestingly, despite the hackers’ usual demands for millions of dollars in cryptocurrency as ransom, Nova Scotia Power did not give in to the cybercriminals’ demands. Instead of paying the ransom, the company turned to cybersecurity experts for assistance. This decision ultimately helped mitigate the fallout of the attack and prevent further damage to the company’s infrastructure.
Ongoing Risks and Mitigation Efforts
While the immediate operational disruption caused by the ransomware has been addressed, the long-term risks remain high. With sensitive customer data now potentially exposed, there is a significant chance that it could be shared on the dark web and sold to malicious actors. To help mitigate the risks for impacted customers, Nova Scotia Power has expanded its credit monitoring services to all those affected by the breach. The company is also working closely with law enforcement agencies to monitor the situation and remain vigilant for any signs of fraudulent activity stemming from the data theft.
The breach highlights a growing threat to critical industries—ransomware is no longer just a concern for tech firms or financial institutions. Power utilities, healthcare providers, and other essential service sectors are becoming prime targets, with devastating effects on both operations and the security of personal data.
Looking Ahead: The Urgency of Cybersecurity
This incident serves as a stark reminder of the vulnerability of critical infrastructure to cyberattacks. As ransomware becomes increasingly sophisticated, it is essential for companies to invest in robust cybersecurity defenses, rapid incident response strategies, and comprehensive data protection measures. The risks are not just operational; the stolen data could have far-reaching consequences for individuals, from financial theft to identity fraud.
For Nova Scotia Power, the road to recovery is just beginning. While they have managed to prevent further damage by rejecting the hackers’ ransom demand, the company will continue to face the challenges of restoring trust, securing its systems, and providing affected customers with the support they need in the aftermath of this serious cyber breach.
Join our LinkedIn group Information Security Community!
