Nova Scotia Power is confirming it was the victim of what it’s calling a sophisticated ransomware attack. It said the quote threat actor published data stolen from its systems. The utility has mailed out letters to customers whose personal data was compromised in the cyber breach.
NSP is advising them to sign up for a free credit monitoring service as a precaution. I’m joined now by Peter Greg, president of Nova Scotia Power. Uh first off, how many Nova Scotia Power customers were affected and and what type of information was stolen? First, Amy, thanks very much for having me here today uh to to uh provide some information.
Um want to say that I want to confirm that we were the victims of a sophisticated
Nova Scotia Power victim of ‘sophisticated ransomware
ransomware attack. Um and that means that uh some of our data was stolen by the sophisticated actor. Um, and to directly answer your question, approximately 280,000 of our customers, we believe um had data that was stolen from our systems.
What kind of data is it? Uh, addresses, is it banking information? What is it? So, we we’ve advised those customers, it could be a range of data. So, it could be an address, it could be an account number, um, there could be some banking information in there. And so, we wanted to be uh as exhaustive as we could in terms of what could be there.
Um, and then advise customers that we’re offering two years of paid credit monitoring services and encouraging anyone who gets a letter from us to do that. Please sign up for those services. Well, we’ve heard from one person who did sign up for the two years and uh they signed under TransUnion two days ago, received a notice of a security breach on his information from the dark web.
Ransomware scum leaked Nova Scotia Power customers
What is Nova Scotia Power going to do to support somebody like him and other customers besides just, you know, giving them an opportunity to see they’ve been That’s new information to me. But I I enjoy the opportunity to connect with that customer to see how how we can help uh in addition to that. And so our our call center lines are open. We have agents available.
Um so I encourage any customers that have concerns, please do give us a call and we’ll work with you to address those concerns. But what can you do if somebody’s identity’s been stolen or It’s really I think the the the advice is, you know, get that credit monitoring service in place so that you are notified immediately if someone is trying to use your information.
N.S. Power says hackers have published stolen data from
Um that would, you know, require your credit. Do that. Um that’s the best protection uh you can do um in this situation. Now the utility says the information was published. Where was it published? Yeah. So, our our third-party uh cyber experts have advised us that uh certain data has been published um and published on the dark web. I’m not a cyber expert.
Um and uh that’s probably as far as I can go. Investigation is ongoing to see if what more we can learn. And what do you know about these people? Do you know anything? We what I can share is um it’s a very sophisticated uh threat actor. So, we’re we’re um referring to them. Um so um you know we’re responding in kind um but beyond that uh not a lot of details I can share at this point.
Now there was a statement saying there was no money paid out but was was there a ransom requested? So it was a ransomware attack which means there was a request uh but based on uh expert advice including uh law enforcement at at all levels um we made the decision uh we have not paid. Okay. So, your organization learned about this on April 25th. Yes.
Nova Scotia Power Confirms Ransomware Hackers Have
I I think the first posting we were able to find was April 27th. Um, is that transparent and responsive to your rate payers? We have made efforts to be transparent, but they and and so we did come out as quickly as we could. And the principle behind this was always to go out with what we know, not what we think.
And so, we wanted to make sure we had facts. And that’s sort of along the several weeks we’ve been in this and part of what informs why I’m here today. We’ve got new information to share. And so, not to speculate, but to make sure we’re sharing truth, facts. Um, and we’ll do that. And we’ve been, you know, coming out, we’ve been making sure to point media to our web page whenever we do have uh new information out there.
And then I will I will make myself available um at the appropriate times as well. Now, this will be expensive to deal with. Um, will that be passed on to ratepayers? No, we anticipate so we we have cyber insurance, cyber security insurance um in place. We’re working very closely with that provider and we anticipate that our our insurance should be sufficient.
Now, why don’t you think your security was good enough to to not let this happen? It’s a great great question. Um I think it is a bit of the evolving nature of what’s happening in the world. Um you know, we do have sophisticated cyber protections in place. Um we’re critical infrastructure. Um and we and we do invest in that.
Um I think it what we’ve got at this point is we’ve got Pitcairn grove Edinburgh
