Latest news with #KnowledgeFlow
CTV News
7 days ago
- Business
- CTV News
Thieves gain access to about 140,000 social insurance numbers in NS Power database
Peter Gregg, CEO of Nova Scotia Power, makes an appearance before the Nova Scotia legislature's law amendments committee in Halifax on Monday, Oct. 31, 2022. THE CANADIAN PRESS/Keith Doucette HALIFAX — Nova Scotia Power's CEO says up to 140,000 social insurance numbers could have been stolen by cyber-thieves who recently hacked into the utility's customer records. Peter Gregg said in an interview today that the privately owned utility collected the numbers from customers to authenticate their identities. He says social insurance numbers were in about half of the 280,000 customer records breached by cyber-criminals and released onto the dark web. The breach was first reported in late April. Cybersecurity expert Claudiu Popa says it's worth asking why the company would need this kind of personal information. The founder of the non-profit group KnowledgeFlow says there are less risky ways of identifying customers. The federal government's website says each nine-digit number represents a unique identifier for work applications and government records, and it advises people not to share the number unless it's legally required. Thieves can use the number to commit fraud, such as illegally accessing government benefits and tax refunds. This report by The Canadian Press was first published May 29, 2025.
Global News
7 days ago
- Business
- Global News
Thieves gain access to about 140,000 social insurance numbers in NS Power database
Nova Scotia Power's CEO says up to 140,000 social insurance numbers could have been stolen by cyber-thieves who recently hacked into the utility's customer records. Peter Gregg said in an interview Thursday that the privately owned utility collected the numbers from customers to authenticate their identities. 'If there are a number of John MacDonalds, it (the social insurance number) determines which one we (the utility) are talking to,' Gregg said during the interview at the Halifax headquarters of the Emera subsidiary. On May 23, Gregg said the data of about 280,000 Nova Scotia Power customers was breached in a ransomware attack — more than half of the total. Asked Thursday how many of these records contained the confidential, nine-digit social insurance numbers, Gregg replied, 'approximately half.' Cybersecurity expert Claudiu Popa questions why a utility would need to keep this kind of data about customers for customer authentication purposes. Story continues below advertisement The founder of the non-profit group KnowledgeFlow says there are less risky ways to identify customers with similar names than to store their social insurance numbers. Get breaking National news For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen. Sign up for breaking National newsletter Sign Up By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy 'It clearly states on government websites that using one of a person's most confidential identifiers is not the recommended approach to identifying individuals,' he said in an interview Thursday. The federal government's website says the numbers are for work applications and government records, and it advises people not to share them unless it's legally required. It also notes that thieves can use the numbers to commit fraud, including attempting to access government benefits and tax refunds. 'There's an almost infinite number of ways that these numbers can be used in fraud,' said Popa. Gregg said that the social insurance numbers weren't required from its customers, and they offered them voluntarily. The breach of the customer records was first reported in late April, and the company later indicated the first breach was detected in mid March. Popa has said the company should by now have provided more precise information to each customer about what personal data was stolen, and given explicit warnings about potential harm. Gregg said that more details will be provided as IT staff and other cybersecurity consultants continue working to obtain the information. Story continues below advertisement 'We want to be careful to say what we know and not what we think,' he said. 'As we get deeper into the investigation and we are able to confirm details, that information will be shared with our customers.' This report by The Canadian Press was first published May 29, 2025.
