Cyber Incident Updates
News
December 1, 2025
Last week, we were invited to appear at the Standing Committee on Natural Resources and Economic Development. Peter Gregg, our President and CEO, and Chris Lanteigne, our Director of Customer Care, attended the meeting on Tuesday, November 25.
Opening remarks by Peter Gregg
Thank you for inviting us to today’s committee meeting. I’m joined today by our Director of Customer Care, Chris Lanteigne.
At Nova Scotia Power, our commitment to providing reliable power to Nova Scotians has been unwavering for over 100 years. We recognize that the recent cyber event has affected the trust we have built with our customers, and I want to acknowledge and apologize for the concern and disruption this has caused.
Over the past 215 days, our team has worked around the clock to restore and strengthen our systems and to support our customers. And we recognize that the cyber incident continues to impact our customers, including concerns about estimated bills. To you the committee, and to all Nova Scotians, my promise to you is if we have overestimated your bill, we will fix it. If you have overpaid, we will fix it. And if we make a mistake, we will fix it.
This incident was an unprecedented, sophisticated, and targeted attack. Based on expert assessments and intelligence, there is a high degree of confidence that the activity was closely associated with a Russia-based threat actor group.
While we have made significant investments in cybersecurity, these types of threats are becoming increasingly complex and challenging for organizations worldwide. Thanks to our robust systems, ongoing investments, and the dedication of our people, we ensured that core operations and the electric grid continued uninterrupted—no power was lost to Nova Scotians.
There is still much work ahead, and as our investigation into the incident is almost complete, we continue to learn important lessons from this event. Since the attack, we have implemented a comprehensive recovery plan and made progress in several areas, such as continuously evolving IT security processes and protection systems, upgrading our online customer account portal, launching a new secure cloud-based customer communication system, and upgrading our financial systems to return to paying our suppliers in an appropriate timeframe.
Most importantly... we remain focused on the impact this has had on Nova Scotians. We understand the ongoing challenges related to billing, payments to our suppliers, and longer wait times to speak with our care team, and we are working diligently to resolve them. Restoring all systems will take time, but we are providing flexible options for our customers—such as Equal Billing, pay-what-you-can arrangements, and photo meter reads—until we’re able to reconnect our systems and provide up-to-date bills.
We no longer collect social insurance numbers and are on track to complete their removal from our systems by March 31, 2026. We are also on track to reconnect customer meters with our billing systems by the end of March. Our team has worked to address outstanding payments to suppliers, and we expect to be caught up on these payments before the end of the year.
I want to recognize the remarkable efforts of Nova Scotia Power employees, who are also our customers. Their resilience and innovation have been critical in supporting our customers during this challenging time.
While responding to this incident has required significant resources, our core mission remains: to provide reliable and affordable power. Over the past year, we have invested more than 200 million dollars in reliability, including replacing 3,000 power poles across the province and clearing trees from 1,500 kilometers of power lines. We continue to make essential investments to meet our customers’ energy needs and strengthen future resilience.
In September, we submitted a General Rate Application to our regulator. There is never a good time to request an increase to power rates. At the same time, the reliability investments we’ve applied for cannot wait. This rate application was developed in collaboration with customer advocates who have agreed that the request strikes the right balance between affordability and reliability. We appreciate the vital role of Nova Scotia’s independent regulator and welcome the transparent and public process with the Energy Board in January. We continue to fully cooperate with ongoing cyber investigations by both the Nova Scotia Energy Board and the Office of the Privacy Commissioner of Canada.
In closing, I want to reiterate our commitment to supporting Nova Scotians, minimizing the impact of this incident, and rebuilding trust. We do not take this responsibility lightly. Again, my promise to you is if we have overestimated your bill, we will fix it. If you have overpaid, we will fix it. And if we make a mistake, we will fix it.
We thank our customers for their patience and understanding as we work through this difficult and evolving situation.
Thank you for the opportunity for this important discussion today.
Peter Gregg, President & CEO, Nova Scotia Power
Previous Updates
Monday, November 3, 2025 Update
We advised customers beginning in May that we would be offering credit monitoring to anyone whose data was impacted in the sophisticated cyber-attack that impacted Nova Scotia Power. In June, we expanded the offer of credit monitoring to five years of coverage for all current and former customers.
Since the credit monitoring offer was introduced, many Nova Scotians have taken advantage of this offer, at no cost to them, to help them protect themselves and their data from cybercriminals.
We reinforced this offer in September when we provided an update to the Nova Scotia Energy Board (Matter #M12273) indicating that additional customers may have had their data impacted, and that we were investigating further. It is important that all customers impacted by this incident have access to credit monitoring. We continue to directly notify additional impacted customers as our ongoing thorough investigation nears completion. In addition to new notifications, this includes sending new letters to some customers who were notified via letter earlier this year but were unable to be reached due to incorrect addresses.
For anyone who receives a letter from us, tips on registering for credit monitoring can be found here, as well as information on additional steps. Our goal is to make the sign-up process as easy as possible.
We remain focused on supporting our customers. We are here for regular business from 8 AM to 6 PM, Monday through Friday. Please contact us at 1-800-428-6230.
Friday, September 19, 2025 Update
In response to the cyber incident earlier this year, we have been offering five years of free credit monitoring to all our customers—past and present—regardless of whether they received a letter from us about the incident. Customers are highly encouraged to take advantage of this offer, if they have not already done so, before it closes on September 30, 2025.
To sign up for the credit monitoring service you can visit here to validate and secure a unique code for the service. Or if you received a letter from us, that letter has the unique code contained within, along with instructions on how to activate.
To make it easier to help all customers through the sign-up process, tips on registering for credit monitoring can be found here.
We are focused on supporting our customers. We are here for regular business from 8 AM–6 PM, Monday through Friday. Please contact us at 1-800-428-6230.
Tuesday, July 8, 2025 Update
Since the cyber incident discovered on April 25, power meters have continued to function and gather accurate energy usage data from homes and businesses across the province. However, due to the cyber incident, the meters have not been able to communicate that data to our systems. As a result, we initially paused customer billing and have recently resumed billing with most customers receiving estimated bills until our systems are restored and meters begin communicating again.
Starting this month, you will begin to see meter readers in your community. To provide you with a bill based on your actual energy usage, meter readers began gathering energy use data from meters earlier this month. In most cases, meter readers will need to access the meter on your property—this will only take a few minutes, and you do not need to be home for your meter to be read.
Meter readers will be wearing Nova Scotia Power branded clothing and will carry identification badges with the word "Contractor" at the bottom. If meter readers are unable to access your meter due to vegetation, pets, fencing, etc., you will receive an estimated bill based on an average of the previous energy used at your property during a similar time of year.
Learn more about our adjusted billing process here >
A dedicated team within Nova Scotia Power, along with third-party cybersecurity experts, are continuing the investigation into the recent ransomware attack that has impacted our customers and our company. Today, we are providing an update on the recent cyber incident and impacts to the personal data of former customers. We are also announcing an expansion of credit monitoring.
Beginning today, we will be offering five years of free credit monitoring to all customers of Nova Scotia Power—past and present—regardless of whether you received a letter from us about the incident. Customers will not pay for any costs incurred by Nova Scotia Power for credit monitoring resulting from this incident.
We have determined through our investigation that the personal information of former customers was also accessed on or around March 19, 2025, and later taken by an unauthorized third-party, in addition to the personal information of the current customers to whom notifications have already been sent.
We are working to determine the full scope of data that may be impacted but we cannot rule out the possibility that some or all of the following personal information has been impacted: name, phone number, email address, mailing and service addresses, Nova Scotia Power program participation information, date of birth, and customer account history (such as power consumption, service requests, customer payment, billing and credit history, and customer correspondence), and driver’s license number. For some of our former customers, bank account numbers (for pre-authorized payment) and Social Insurance Numbers may also have been impacted.
We intend to do everything we can to support current and former customers, which includes expanded access to credit monitoring.
Those who want to sign up for the credit monitoring service can click here to validate and secure a unique code for the service. Anyone who has already signed up for credit monitoring will automatically be extended to five years.
We are focused on supporting our customers. We are here for regular business from 8 AM–6 PM, Monday through Friday. Please contact us at 1-800-428-6230.
To make it easier to help all customers through the sign-up process, tips on registering for credit monitoring can be found here and will be included in upcoming bills, as well as available in locations throughout the province. This includes information on additional steps customers can take to protect themselves from identity theft. We are also deploying employee volunteers to communities across the province to provide hands-on support for customers who prefer assistance in person.
We encourage customers to remain vigilant and cautious about any unsolicited communications (such as emails, text messages, social posts, or phone calls), including messages that appear to be from Nova Scotia Power asking you to provide your personal information. Please avoid clicking on suspicious links or downloading attachments without confirming they are from a legitimate source.
We have heard concerns about SINs, which we historically collected for customer authentication purposes. We are committed to permanently deleting all instances of SINs from our systems as soon as our investigation allows.
Nova Scotia Power is continuing to take steps to fully understand what happened in this matter and to prevent a recurrence of this issue. Additionally, we are fully cooperating with the Office of the Privacy Commissioner of Canada and the Nova Scotia Energy Board, which have both announced investigations into this incident.
We recognize that this incident may have shaken the confidence of some of our customers. We are working hard to do everything we can to regain your confidence.
Following the recent ransomware attack and its effect on our customers, we've been invited to speak with members of the Nova Scotia Public Accounts Committee at their meeting today.
While recognizing that the investigation and response efforts remain ongoing, we have committed to be as open and transparent as possible. This meeting today is a part of that transparency.
Opening remarks by Peter Gregg, President & CEO
On behalf of our entire team at Nova Scotia Power, thank you for the invitation to attend today’s committee meeting. Cybersecurity is a critical issue facing private, public, and government organizations right now and we all need to work together to protect the security of Nova Scotians. I am here today with two colleagues, Chris Lanteigne, Nova Scotia Power’s Director of Customer Care, and Chris Heck, the Chief Digital Officer from our parent company, Emera. We appreciate the opportunity to discuss this issue with you today and how we can get stronger together as we move forward.
I would like to begin with reiterating our sincere apologies to all our customers that they have been impacted by this cyber incident. We understand it is very concerning and we’re working hard to address customer issues and to continue to strengthen our systems as we work to restore and rebuild.
As we begin, it’s important to remind people of the sensitivity of the incident and the fact that it is ongoing. This was a sophisticated attack on Nova Scotia Power and our customers by a criminal who has stolen data from our systems. We are committed to being as open and transparent as possible, as we have been since the beginning of the incident—our investigation and response efforts remain ongoing.
Maintaining the integrity of the active investigation, under the careful guidance of leading cybersecurity experts, is essential. We have also notified and sought input from law enforcement.
The privacy commissioner of Canada stated last week that: “Data breaches have surged over the past decade, and this incident highlights the growing risks of cyberattacks for all organizations.”
Despite this reality, we know that to our customers, Nova Scotia Power is not just any organization. We are a vital part of their every day lives and we take that responsibility very seriously. And we take cybersecurity very seriously and work every day to manage threats and continually evolving risks.
I want to assure the committee that before this attack we invested heavily in keeping our network and information secure. We implement measures and controls designed to align with the National Institute of Standards and Technology and the North American Electric Reliability Corporation (NERC), organizations that set standards for electric utilities across North America. However, as we know, the cyber criminals are getting more and more sophisticated and we continue to focus our efforts and make investments to address these growing threats.
No payment has been made to the criminal. This reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance. It was illegal to make a payment.
Immediately after detecting unusual activity on our network on April 25, we activated our existing cyber incident response and business continuity protocols. These included engaging leading third-party cybersecurity experts and taking swift actions to contain and isolate the affected systems to prevent further intrusion. Our cybersecurity program ensured that our operations systems and electric grid continue to perform as usual.
As you know, the criminals stole data, which unfortunately includes the personal data of customers. We’ve sent notifications to those impacted existing account holders and encouraged them to sign up for free credit monitoring service and are continuing to investigate the full scope of the impact of the data. And this investigation is complex, extremely detailed, and will take time.
I am also encouraging all impacted customers to sign up for complimentary credit monitoring and identity protection services. We have updated our website to include tips on some of the common issues customers have had in signing up.
Additionally, for anyone experiencing challenges, we will start providing in-person support in various communities across the province starting later this week to assist our customers. Signing up online remains the best path for customers, but we plan to provide some in-person support for those who are less comfortable with the online process or have questions. More details will be communicated in the coming days.
I want to assure you that we are cooperating at all levels on the investigation of this criminal attack. As you are aware, formal investigations of the incident have been initiated by both the Nova Scotia Energy Board and the Office of the Privacy Commissioner of Canada. Nova Scotia Power will fully cooperate with both of these proceedings.
You have my commitment that our team is focused on the continued investigation of our restoration efforts. We will continue to be open and transparent as we move through this process. We know that our customers feel we have let them down and we are doing everything we can to support them. We thank all our customers for their patience as we continue to work through this very difficult and active situation.
Thank you. We look forward to the discussion.
Peter Gregg, President & CEO, Nova Scotia Power
We wanted to provide an update on Nova Scotia Power's ongoing cyber incident. Today, we are confirming we have been the victim of a sophisticated ransomware attack.
Since the incident began several weeks ago, Nova Scotia Power has been actively working with the assistance of third-party cyber security experts to restore our systems safely and investigate the incident. We have also been working to further strengthen our systems and add additional security protections.
No payment has been made to the threat actor. This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance.
We have learned that the threat actor has published data that was stolen from our systems. We are actively working with cybersecurity experts to assess the nature and scope of the information that may have been impacted.
Notifications have been mailed to impacted account holders, which include detailed information about resources and support. Arrangements have been made with the consumer reporting agency, TransUnion, to provide impacted individuals with a two-year subscription to a comprehensive credit monitoring service (TransUnion myTrueIdentity®) at no cost.
We encourage customers who receive a notification to enroll in the TransUnion credit monitoring service and otherwise remain vigilant and cautious about any unsolicited communications (such as emails, text messages, social posts, or phone calls), including messages that appear to be from Nova Scotia Power asking you to provide your personal information. Please avoid clicking on suspicious links or downloading attachments without confirming they are from a legitimate source.
We remain sincerely sorry that this issue has occurred. Protecting the privacy and security of information held by Nova Scotia Power is something we take very seriously.
Nova Scotia Power continues to investigate a cyber incident that has impacted certain IT systems in our network. We are working with external cybersecurity experts to determine the scope of the impact and safely and securely restore and rebuild our impacted systems.
While the investigation remains ongoing, we have determined that on or around March 19, 2025, certain customer information stored on the impacted servers was accessed and later taken by an unauthorized third party.
Notifications are in the process of being mailed to impacted account holders, which includes detailed information about resources and support. While we have no evidence of misuse of your personal information, as a precaution, arrangements have been made with the consumer reporting agency, TransUnion, to provide impacted individuals with a two-year subscription to a comprehensive credit monitoring service (TransUnion myTrueIdentity®) at no cost.
The types of impacted personal information varied by individual customer and depended, in part, on the information provided by each customer. This may have included one or more of the following: name, phone number, email address, mailing and service addresses, Nova Scotia Power program participation information, date of birth, and customer account history (such as power consumption, service requests, customer payment, billing, and credit history, and customer correspondence), driver’s license number, and Social Insurance Number. For some of our customers, bank account numbers (for pre-authorized payment) may also have been impacted, if this information was provided by these customers.
We encourage customers to remain vigilant and cautious about any unsolicited communications (such as emails, text messages, social posts, or phone calls), including messages that appear to be from Nova Scotia Power asking you to provide your personal information. Please avoid clicking on suspicious links or downloading attachments without confirming they are from a legitimate source.
Any customer who receives a letter in the mail from Nova Scotia Power will be provided with a phone number to call with any questions and to activate their two year subscription for credit monitoring.
Nova Scotia Power is providing important information about the recent cyber incident affecting our company.
On April 25, we detected unusual activity on our network and immediately initiated our incident response plan. This included taking steps to contain the incident, launching a thorough investigation with the help of external cybersecurity experts, and working to restore affected systems safely and securely. We have also notified law enforcement.
While our investigation is ongoing, we have identified that certain customer personal information was accessed and taken by an unauthorized third party.
Rest assured, we are treating this situation very seriously. The security of your information is our top priority. We are working urgently to determine the full nature and scope of the data that may have been affected, and individuals impacted.
If we determine that your data was affected, we will send you notice with further details including about the affected information, along with resources and support.
We encourage you to remain vigilant and cautious about any unsolicited communications (such as emails, text, social posts, or phone calls) that appear to be from Nova Scotia Power asking you to provide your personal information. Please avoid clicking on suspicious links or downloading attachments without confirming they are from a legitimate source.
We are committed to providing further updates as our investigation progresses. Our team asks for your patience as we work to understand the specific details of this unfortunate cyber incident.
There remains no disruption to Nova Scotia Power’s generation, transmission, and distribution facilities, and the incident has not impacted on our ability to safely and reliably serve customers in Nova Scotia.
We appreciate your patience and trust as we work to address this situation.
Emera Inc. and Nova Scotia Power today announced on April 25, 2025 they discovered and are actively responding to a cybersecurity incident involving unauthorized access into certain parts of its Canadian network and servers supporting portions of its business applications.
Immediately following detection of the external threat, the companies activated their incident response and business continuity protocols, engaged leading third-party cybersecurity experts, and took actions to contain and isolate the affected servers and prevent further intrusion. Law enforcement officials have been notified.
There remains no disruption to any of our Canadian physical operations, including at Nova Scotia Power’s generation, transmission and distribution facilities, the Maritime Link or the Brunswick Pipeline, and the incident has not impacted the utility’s ability to safely and reliably serve customers in Nova Scotia. There has been no impact to Emera’s U.S. or Caribbean utilities.
Emera will release its Q1 Financial Statements and Management Disclosure and Analysis on May 8, 2025, as planned. At this time, the incident is not expected to have a material impact on the financial performance of the business.
Our IT team is working diligently with cyber security experts to bring the affected portions of our IT system back online.
FAQs
What happened?
Last updated: November 3, 2025
On April 25, we discovered and began actively responding to a cybersecurity incident involving unauthorized access into certain parts of our network and servers. Upon further investigation with external cybersecurity experts, we identified that certain customer personal information was accessed and taken by an unauthorized third party. This was the result of a sophisticated ransomware attack. In compliance with sanctions laws and law enforcement guidance, no ransom was paid; it was illegal to pay a ransom.
We are committed to continuing to directly notify our customers if we discover through the ongoing investigation that their data has been impacted. Customers will receive letters to provide them with the additional opportunity to sign up for five years of free credit monitoring.
What kind of customer information was taken?
Last updated: November 3, 2025
The types of impacted personal information varied by individual customer and depended, in part, on the information provided by each customer. This may have included one or more of the following: name, phone number, email address, mailing and service addresses, Nova Scotia Power program participation information, date of birth, customer account history (such as power consumption, service requests, customer payment, billing and credit history, and customer correspondence), driver’s license number, and Social Insurance Number. For some of our customers, bank account numbers (for pre-authorized payment) may also have been impacted, if this information was provided by these customers.
I got an email from Nova Scotia Power/TransUnion. Can I trust it to follow the links?
Last updated: November 3, 2025
We received a number of letters that were returned through Canada Post from the initial outreach to impacted customers offering credit monitoring. We are making a concerted effort to reach these customers in a new round of outreach, which may include email. We commend our customers for being cautious about any emails they receive that appear to be from Nova Scotia Power. To confirm the legitimacy of any communication you receive from us, please reach out to our Customer Care team at 1-877-428-6230 or to Transunion at 1-844-818-0376.
When will Social Insurance Numbers (SIN) be fully deleted from your systems?
Last updated: November 3, 2025
We have begun the process of deleting all SINs from our systems. We intend to complete the removal of all customer SINs by early 2026, subject to legal requirements to retain such information in limited cases, as we complete our recovery efforts from the cyber incident and investigations wind down, and will provide an update to our customers when this is complete.
When will all services and systems return to normal?
Last updated: November 3, 2025
The ransomware attack had wide-reaching impacts on our internal back-end systems. While many services and systems have been restored, we anticipate full restoration will carry forward into 2026. We expect customer billing to return to business as usual in early 2026, with interim measures maintained until that time to ensure continuity for customers.
We are providing regular updates to customers and to the Nova Scotia Energy Board on the impacts and recovery from the cyber incident. We’re also cooperating with the Office of the Privacy Commissioner (OPC) on their investigation.
Why is the investigation not completed yet?
Last updated: November 3, 2025
Our teams are committed to ensuring that no stone is left unturned in the investigation, and that all impacted customers are notified and provided with the opportunity to sign up for free credit monitoring. Because of the volume of data impacted and the sophistication of the attack, we've been taking every precaution to ensure we are analyzing the impacted data with diligence and extreme care.
I didn’t receive a letter recently, but I missed the previous deadline—can I still get the free credit monitoring?
Last updated: November 3, 2025
Unfortunately, the previous offer of free credit monitoring services to all current and former customers expired in September.