Cyber breach reverberates at Nova Scotia Power more than a week later

Richard Cuthbertson · CBC News

· Posted: May 06, 2025 11:01 AM EDT | Last Updated: 9 minutes ago

Nova Scotia Power is remaining tight-lipped astir the details of a cyber breach that has forced the institution to intermission billing and led to the shutdown of its online lawsuit portal, and hasn't said what different systems wrong the inferior person been disrupted.

It's been much than a week since the utility, which provides energy to much than fractional a cardinal residential, commercialized and concern customers successful Nova Scotia, said it archetypal detected, connected April 25, unauthorized entree into parts of its web and servers.

The institution has noted large billing and lawsuit work issues, and warned the idiosyncratic accusation of immoderate customers has been taken, but it won't corroborate whether systems specified arsenic payroll person been impacted, though a spokesperson said each employees proceed to beryllium paid. 

"This is precise overmuch an progressive investigation," spokesperson Kathryn O'Neill said successful an email. "We cannot speculate oregon stock unverified accusation portion the probe is ongoing successful collaboration with outer cybersecurity experts."

The International Brotherhood of Electrical Workers Local 1928, the national that represents astir 1,000 Nova Scotia Power employees, said successful a societal media station it is alert of the anticipation of issues with overtime pay. Business manager Jim Sponagle told CBC News the national is asking employees to beryllium diligent arsenic the institution works done the breach.

Ransomware attack?

Julien Richard, the vice-president of accusation information for Lastwall, a Fredericton-based cybersecurity steadfast not progressive successful the Nova Scotia Power case, said with fewer details released by the utility, it is pugnacious to cognize what happened. There are a fig of scenarios, helium said.

In immoderate cases, countries hostile to the West effort to infiltrate captious infrastructure specified arsenic vigor companies, some to observe their interior workings without being detected and to summation the quality to unopen down networks if they aboriginal choose.

But fixed the disruption facing the concern broadside of Nova Scotia Power, and not the electrical grid network, Richard said it's much apt the institution has been deed by a ransomware onslaught oregon immoderate different benignant of incursion motivated by fiscal gain.

Ransomware typically prevents a idiosyncratic oregon a institution from accessing machine files and systems, with criminals past demanding a ransom earlier they volition instrumentality access. Nova Scotia Power has refused to accidental whether it believes it is the unfortunate of a ransomware attack.

Richard said those down the breach whitethorn be solely responsible for the disruptions at Nova Scotia Power, but there's besides the anticipation IT administrators decided to unopen down immoderate systems to "contain the blast radius of this attack."

'Worst moments of their careers'

The inferior has made wide the cyber breach has not disrupted energy generation, transmission oregon organisation facilities, oregon harmed the company's quality to present powerfulness to customers.

Richard said powerfulness companies typically support their concern networks abstracted from those that tally their grids, and in Nova Scotia Power's case, it's "definitely a win" that those down the breach were seemingly not capable to leap from 1 to the other.

One of the reasons truthful small accusation has been released is the institution mightiness not cognize yet precisely what happened, helium said, and integer forensics tin instrumentality a "long time." It's besides apt those down the onslaught are inactive lurking successful the system.

"It's important to accidental that we request to beryllium diligent with the people that enactment there," helium said. "They're astir apt going done the worst moments of their careers.

"I tin warrant you that immoderate of them are astir apt sleeping determination nether their desks and working."

Rebecca Brown, a spokesperson for the province's inferior regulator, the Nova Scotia Energy Board, said successful an email there's not yet a ceremonial proceeding opened, "but that volition come."

Such a proceeding could reappraisal the origin of the incidental and Nova Scotia Power's response, the interaction connected the inferior and ratepayers, including connected lawsuit data, compliance with reliability standards, and recommendations.

Seniors could beryllium targeted

Claudiu Popa, the CEO of cybersecurity institution Datarisk Canada, said the cyber breach appears to beryllium "fairly serious," and is perchance an extortion attempt. 

Generally, helium said, the ransomware "makes itself known" erstwhile the accusation criminals are aft has been stolen. The connection Nova Scotia Power has utilized — that "unusual activity" was detected — suggests that's the case.

He said the theft of fiscal accusation tin often beryllium "rectified rapidly" by banks truthful agelong arsenic customers study it quickly. More hard to hole is individuality fraud.

Both Popa and Richard warned that customers should beryllium wary if they person calls oregon emails purporting to beryllium from Nova Scotia Power. Popa said seniors successful peculiar are targeted due to the fact that criminals comprehend them to person much disposable income and assets.

"If you've got entree to their fiscal details, fiscal information, those radical volition beryllium prioritized, astir apt with phishing emails," helium told CBC Radio's Information Morning.