5 days ago
Nova Scotia Power seeking more time to file reports on cybersecurity attack
Nova Scotia Power is requesting additional time to file monthly reports on the cybersecurity attack that compromised the personal information of hundreds of thousands of customers earlier this year.
In July, the Nova Scotia Energy Board ordered Nova Scotia Power to file a full report on the cyberattack by the end of 2025. It also required the utility to file monthly updates on its response to the incident, the first of which was due on Aug. 1.
However, on Aug. 1, Judith Ferguson, executive vice president of regulatory, legal and government relations for Nova Scotia Power, sent a letter to the Energy Board saying they needed 'additional process clarification' and an extension on the start date for the monthly updates.
'The Board understands that NS Power is concerned about the sensitivity of the information to be provided and intends to seek Board approval to provide some or all of the information confidentially,' the Energy Board said in a response to the letter. 'The Board agrees that the filing of the report may be delayed but directs NS Power to file any request it intends to make around confidentiality or other process issues with the Board no later than August 15, 2025.'
The Energy Board previously said the report should include a timeline of the cyberattack, details on the type and amount of exposed personal information, a review of the utility's policies and practices, and recommendations to improve security measures.
'Once the report is filed, the Board will launch a public process to review both the report and NS Power's planning for and response to the incident,' a news release from the energy board said at the time. 'The Board continues to work with MNP Digital, which is independently assessing the cybersecurity incident on behalf of Board Counsel and staff. NS Power has provided a high-level briefing about the incident to MNP, Board Counsel, and staff.'
Cyberattack timeline
Nova Scotia Power has previously said it detected 'unusual activity' on its network on April 25. It later learned the breach happened on or around March 19.
The utility told the public it was the 'victim of a sophisticated ransomware attack' on May 23. An estimated 280,000 customers were impacted by the incident, which potentially compromised personal information like names, social insurance numbers, email addresses and phone numbers.
Nova Scotia Power is offering five years of free credit monitoring to all former and current customers due to the cyberattack.
Along with the energy board, the Office of the Privacy Commissioner is also investigating the incident.
For more Nova Scotia news, visit our dedicated provincial page
