Latest news with #NovaScotiaPower
CTV News
a day ago
- Business
- CTV News
CTV National News: Thieves steal copper wires from telephone poles in remote communities
Watch Copper theft continues to grow throughout North America, causing power outages in some remote Nova Scotia areas. CTV News' Paul Hollingsworth reports.
CTV News
2 days ago
- General
- CTV News
Some NS Power customers' info on the dark web
Atlantic Watch Some Nova Scotia Power customers say their personal information has shown up on the dark web.
CTV News
3 days ago
- Business
- CTV News
Some customers say data appeared on dark web after Nova Scotia Power breach
Some Nova Scotians say they've received disturbing notifications from credit monitoring services alerting them that their personal data is now circulating on the dark web – and they believe it's linked to the recent cybersecurity breach at Nova Scotia Power. The dark web is a hidden part of the internet that requires special software to access. While not all activity there is illegal, it is commonly used by criminals to buy and sell stolen personal information, including names, addresses, banking details and social insurance numbers (SIN). Nov Scotia Power confirmed earlier this month it experienced a cyberattack involving a third-party vendor. The utility, owned by Emera Inc., said hackers may have accessed sensitive customer information, and about 140,000 SINs may have been taken, according to the company's CEO. Cybersecurity expert Claudio Popa said the incident is troubling on multiple levels, particularly because it follows another major data breach in Nova Scotia less than a year ago. In May 2023, the MOVEit file transfer software breach compromised data belonging to more than 100,000 people across the province. 'I immediately wondered what the overlap would be and whether an opportunistic cybercriminal would be able to aggregate the data from the two breaches to build more details profiles,' said Popa. 'People must be quite sensitized to having their identities stolen and abused as a result of events beyond their control.' Popa said the breach at Nova Scotia Power exposes serious lapses in data handling, starting with why the utility collected SINs in the first place and why that information was not encrypted. 'In Canada, the SIN is central to people's identities. Utilities generally don't have a reason to collect them, so they should not,' he said. 'It's clear they were not securely stored. Otherwise, they would have been encrypted. We still don't know why were being collected in the first place.' Popa said Nova Scotia Power failed to seize a critical opportunity to rebuild trust with customers – namely by being transparent about the scope of the breach and the ransom demand it reportedly received from the attackers. 'The first should have been telling customers immediately when they were asked to pay a ransom,' Popa said. 'When organizations are upfront, people instinctively offer goodwill but when communication is delayed or vague, it leads to erosion of trust.' The utility has offered customers two years of optional credit monitoring through TransUnion, but Popa said that's insufficient given the nature of the data that was potentially exposed. 'All customers should be getting 10 years of credit monitoring, automatically,' he said. 'This is immutable identity data. You can't change your SIN. The risk doesn't expire in two years.' Popa recommends Nova Scotia Power take three immediate steps: explain the risks tied to the specific data that was stolen advise customers to report any suspicious activity to the Canadian Anti-Fraud Centre provide access to independent resources such as those from the federal privacy commissioner. He also noted people who receive dark web alerts from Equifax or TransUnion may not always see specifics. The alerts typically signal that some form of personal information – not necessarily SINs – is circulating in cybercrime marketplace. 'It would be your email address, home address, or phone number. Criminals buy multiple data sets and piece them together to impersonate you more convincingly,' Popa said. As the investigation continues, Popa emphasized that cybersecurity breaches are no longer rare events and companies should be better prepared. 'There's no substitute for conducting breach response simulations,' he said. 'You don't want your team thinking about how to respond for the first time while the breach is happening. These are learning opportunities, and companies need to treat them that way.' NS Power The Nova Scotia Power building is pictured in downtown Halifax. (Jonathan MacInnis/CTV Atlantic) For more Nova Scotia news, visit our dedicated provincial page
CBC
3 days ago
- Business
- CBC
Nova Scotia Power says it believes it knows who stole customer data
The head of Nova Scotia Power says the company believes it knows who stole customer information in a recent ransomware attack. However, CEO Peter Gregg says he can't disclose that information as the company's investigation is ongoing. "We do have a good sense of who the threat actor is," Gregg told CBC's Information Morning Halifax on Friday morning. "I can't really get into the details of that." Gregg said the company believes some information may have been published on the dark web — part of the internet that requires special software to access, and which cybercriminals can use to buy and sell data and other illicit materials — but that there has been no spread of the information to other sites. The utility has said it did not give any money to the hackers as part of the ransom demand. Nova Scotia Power announced publicly on April 28 that it was dealing with a cybersecurity incident it discovered three days earlier, on April 25. The company later said the actual hack had occurred more than a month earlier, on March 19. About 280,000 customers have been affected by the attack — about half of the utility's total customers and more than a quarter of the province's population. Letters distributed to affected customers say the stolen information may include the customer's name, phone number, email address, mailing address, date of birth, account history, driver's licence number, social insurance number and bank account numbers. Gregg said if a customer has not yet received a letter, he's "fairly confident" their information was not taken. Social insurance numbers stolen Gregg told the CBC Nova Scotia Power still doesn't know exactly which information was taken from each customer, but that about 140,000 social insurance numbers were included in the stolen data. The federal government says people do not have to provide their SIN to sign up for utility service, except for Hydro Quebec customers. Gregg told Information Morning that Nova Scotia Power has used social insurance numbers as a way of authenticating customers in the past, but it will no longer do that, and it will delete social insurance numbers that are on file. Asked why Nova Scotia Power was keeping so many social insurance numbers on file long after a customer's identity had been confirmed, Gregg said, "I don't have a good answer for you for that today. "It's an unfortunate thing. I apologize to our customers that they're in that situation, but at this point in time we need to continue the investigation." Gregg said the Office of the Privacy Commissioner has its own investigation taking place, and Nova Scotia Power is co-operating. Insurance At the time the breach was announced, Nova Scotia Power said it was not expected to affect the company's financial performance. Gregg said Friday the utility has cybersecurity insurance and he anticipates that will cover the cost of dealing with the attack. Nova Scotia Power has offered affected customers free credit monitoring for two years with TransUnion. Gregg said the company chose the two-year period based on consultation with cybersecurity experts and what they said were best practices. Gregg acknowledged that "there were some bumps" early on as customers struggled to access the site and set up the monitoring service, but said those have been dealt with and the process should be smoother now. Upcoming bills Nova Scotia Power's billing system was affected by the ransomware attack, but Gregg says the meters were not. However, the company still needs to rebuild the links between those networks. So, the utility will estimate customers' next bills based on the same time period from last year so that the bills don't pile up and customers aren't hit with "multi-month large bills," Gregg said. Late fees will be waived in the meantime, he said, and the company is looking at verifying all meters before the normal ways of billing resume. Consequences for company executives? Asked whether Gregg's own position as CEO of Nova Scotia Power may be jeopardized by the security breach, he said, "the future of me is up to my board and leadership of Emera." As for executive bonuses and whether they will be warranted after the incident, Gregg said that decision is out of his hands.
CTV News
4 days ago
- Business
- CTV News
Thieves gain access to about 140,000 social insurance numbers in NS Power database
Peter Gregg, CEO of Nova Scotia Power, makes an appearance before the Nova Scotia legislature's law amendments committee in Halifax on Monday, Oct. 31, 2022. THE CANADIAN PRESS/Keith Doucette HALIFAX — Nova Scotia Power's CEO says up to 140,000 social insurance numbers could have been stolen by cyber-thieves who recently hacked into the utility's customer records. Peter Gregg said in an interview today that the privately owned utility collected the numbers from customers to authenticate their identities. He says social insurance numbers were in about half of the 280,000 customer records breached by cyber-criminals and released onto the dark web. The breach was first reported in late April. Cybersecurity expert Claudiu Popa says it's worth asking why the company would need this kind of personal information. The founder of the non-profit group KnowledgeFlow says there are less risky ways of identifying customers. The federal government's website says each nine-digit number represents a unique identifier for work applications and government records, and it advises people not to share the number unless it's legally required. Thieves can use the number to commit fraud, such as illegally accessing government benefits and tax refunds. This report by The Canadian Press was first published May 29, 2025.
