HQ/EMEAFind out how we can help your business
Nova Scotia Power has confirmed that hackers obtained sensitive customer data during a data breach incident initially uncovered last month.
The affected entity is part of Emera Inc., which services at least 500,000 residential, commercial, and industrial customers throughout Nova Scotia and holds approximately 95% of the province’s electricity market.
The company produces more than 10,000 gigawatt-hours (GWh) of energy annually and maintains an extensive distribution network with 30,000 kilometres (20,000 miles) of power lines.
Nova Scotia Power disclosed that it detected the unauthorised activity in April 2025.
On April 28, 2025, Nova Scotia Power announced that it had detected unauthorised access to specific network sections and servers supporting business functions.
While electricity generation and distribution were not impacted, the incident disrupted internal systems during the initial response period.
By May 1, 2025, investigators suspected customer data had been compromised. An update issued on May 15 confirmed this concern, detailing the data types exposed in the breach.
Affected information includes full names, contact details, physical addresses, dates of birth, and data related to participation in Nova Scotia Power programs.
More sensitive data were also accessed, such as driver’s license numbers, Social Insurance Numbers, specific bank account details, and customer account histories, including billing, payments, service requests, and correspondence.
Further investigation indicated that the breach occurred earlier than first thought on March 19, 2025. This detail implies that almost two months have passed since those affected were informed. Notices are being sent to impacted customers, providing information on the incident and available support services.
While the company states that there is no evidence of the stolen data being misused, it offers affected customers two years of complimentary credit monitoring as a precaution.
The notification letters include guidance on enrolling in the monitoring service and information on additional protective measures recipients can take.
Furthermore, Nova Scotia Power advises customers to be alert for phishing attacks, especially those impersonating the utility, to extract further personal information.
As of now, no ransomware group has claimed accountability for the breach.
