Nova Scotia Power says it believes it knows who stole customer data
Nova Scotia Power CEO Peter Gregg has revealed that the company believes it has identified the culprit behind the recent ransomware attack that resulted in the theft of customer information. However, due to the ongoing investigation, Gregg is unable to disclose the identity of the threat actor at this time.
During an interview with CBC’s Information Morning Halifax, Gregg mentioned that while some information may have been published on the dark web, there has been no further dissemination of the stolen data to other platforms. He reassured the public that Nova Scotia Power did not comply with the hackers’ ransom demands.
The cybersecurity incident, which was initially detected on April 25 and later revealed to have occurred on March 19, has impacted approximately 280,000 customers. Personal information such as names, phone numbers, email addresses, mailing addresses, dates of birth, account histories, driver’s license numbers, social insurance numbers, and bank account numbers may have been compromised.
Of particular concern is the revelation that around 140,000 social insurance numbers were included in the stolen data. While the federal government states that providing a SIN is not necessary to sign up for utility services, Nova Scotia Power had previously used them for customer authentication. In response to the breach, the company has vowed to discontinue this practice and delete any stored social insurance numbers.
Nova Scotia Power has cybersecurity insurance in place to cover the expenses related to the attack, including free credit monitoring for affected customers for a period of two years. The utility will not seek rate hikes to offset the costs incurred. Customers experiencing billing disruptions due to the ransomware attack will have their next bills estimated based on the previous year’s usage to prevent financial strain.
As for the repercussions on company executives, Gregg stated that the decision regarding his future at Nova Scotia Power lies with the board and leadership of Emera. The issue of executive bonuses post-incident will also be determined by the board. While the breach has undoubtedly caused challenges for the company, Nova Scotia Power is committed to addressing the aftermath and safeguarding customer data moving forward.
