Nova Scotia Power (NS Power) has submitted a redacted final report detailing its response to a cyberattack earlier this year. The utility described its response as “effective and executed in a very timely and highly coordinated manner” in the filing provided to the Nova Scotia Energy Board (NSEB). The board requested the full incident report by December 31, and NS Power submitted it on December 22.
Certain details remain confidential, including the timeline of the incident, compromised systems, mitigation efforts, customer notifications, and enhanced security measures. The NSEB will review the report and the confidentiality request before determining what information can be made public.
Unauthorized Access and Rapid Notification
Nova Scotia Power confirmed that an unauthorized party accessed its systems on or around March 19 and exfiltrated certain data by April 25. Employees discovered that some applications were non-functional, prompting the company to activate its incident response protocols.
The utility informed multiple Canadian authorities, including the RCMP, the Canadian Centre for Cybersecurity, and the Canadian Security Intelligence Service. Given the potential threat to critical infrastructure and the electric utility sector, Nova Scotia Power also notified the U.S. Federal Bureau of Investigation. The report noted there was no evidence that the attackers accessed operational technology or energy delivery systems.
Customer Impact and Data Management
Earlier filings indicated that all customers could have been affected. Nova Scotia Power reached out to approximately 375,000 impacted customers. The report states there is no evidence that the stolen information has been misused or that customers experienced financial harm. Personal data involved included birth dates and social insurance numbers (SINs).
NS Power has been phasing out SINs from its systems since May 2024 and is committed to permanently deleting remaining SINs. The utility anticipates completing this process by March 31, 2026, with support from external cybersecurity experts.
System Recovery and Meter Reconnection
The cyberattack disrupted billing and meter data integration, requiring NS Power to estimate electricity usage for some customers. Approximately 75 percent of meters have been reconnected, and all are expected to be restored by the end of March 2026. Full restoration of other services, including MyAccount, is scheduled for September 2026.
The utility emphasized that meters continued to accurately record electricity usage despite the attack. The report also highlighted the lessons learned from the incident, noting that real-world cyber incidents provide insights that cannot be fully replicated in planning exercises.
Strengthening Cybersecurity and Future Preparedness
Nova Scotia Power assessed its containment, remediation, and investigation efforts as effective relative to the severity and complexity of the attack. At the same time, the company recognized the importance of refining procedures and improving security measures based on practical experience.
The report underlined that the incident offered valuable information to enhance cybersecurity protocols, strengthen customer protections, and improve overall operational resilience. NS Power continues to monitor systems closely and maintain communication with regulators and customers to ensure ongoing security.
The cyberattack has prompted broader scrutiny from Canadian oversight bodies, including the Office of the Privacy Commissioner, which is conducting a parallel investigation with a review expected to conclude in the coming months.
The report reinforces Nova Scotia Power focus on rapid detection, coordinated response, and system recovery, while highlighting the importance of safeguarding customer data and critical infrastructure against evolving cyber threats.
Visit CyberPro Magazine For The Most Recent Information.
