The Canadian-based electric utility company has now admitted they are handling a ransomware attack.
What happened
Canadian electric utility company, Nova Scotia Power, admitted on May 23rd that they had been responding to a ransomware attack that began a little over a month ago.
The breach was initially disclosed by Nova Scotia Power and its parent company, Emera, on April 28th. Emera–which also does business in the United States–and Nova Scotia admitted on May 1st that the attack led to hackers stealing information.
Impacted information includes names, dates of birth, phone numbers, email addresses, mailing and service addresses, power consumption, service requests, and payment, billing, and credit history. Additionally, hackers accessed driver’s license numbers, Social Insurance Numbers, and bank account numbers shared for pre-authorized payments.
What’s next
Nova Scotia has emphasized that the incident has not caused any disruption to electricity generation, transmission, or distribution facilities.
On a May 23rd update, the power company also stated that “no payment has been made to the threat actor.” They further added that the decision not to pay “reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance.” In general, it is always recommended not to pay a ransom to malicious organizations, as this can increase the likelihood of being targeted in future attacks.
The company added that they have learned that “the threat actor has published data that was stolen from our systems.” They are now working with cybersecurity experts to assess the nature and scope of the information that may have been impacted.
The company is mailing notifications to impacted account holders, which include detailed information about resources and support. Lastly, Nova Scotia has stated that they are “working to further strengthen our systems and add additional security protections.”
Why it matters
Although Nova Scotia serves customers in Canada, their parent company, Emera, also serves patients in the United States. While the incident may not have a direct impact on US residents, its impact on Emera could result in challenges to the company further down the line. The incident shows that many organizations are connected across national borders, and what happens in one country could have repercussions for others. For instance, Nova Scotia may now be prompted to revamp their cybersecurity policies, which could spill over to Emera.
FAQs
Why was Nova Scotia Power targeted?
Hackers often target critical services, as organizations like Nova Scotia may be more likely to pay a ransom if they feel direct and significant consequences from an attack. Nova Scotia is responsible for generating, transmitting, and distributing electrical power for 550,000 customers, making the attack potentially lucrative.
Should customers of Emera be concerned?
Currently, Emera customers do not need to be concerned, as this incident was isolated to Nova Scotia customers.
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
Abby Grifno
