Nearly one month after it informed customers that it had been targeted in a cyberattack, Canadian electric utility Nova Scotia Power admitted on Friday that it has been dealing with a ransomware attack.
The breach was disclosed by Nova Scotia Power and its parent company Emera on April 28, and on May 1 they admitted that hackers had stolen some customer information.
On May 14, Nova Scotia Power informed customers that information such as name, date of birth, phone number, email address, mailing and service addresses, power consumption, service requests, and payment, billing, and credit history was compromised.
The hackers also gained access to driver’s license numbers, Social Insurance Numbers, and bank account numbers shared for pre-authorized payments.
The company highlighted that the incident did not cause any disruption to electricity generation, transmission and distribution facilities.
In the latest update, shared on its website on May 23, Nova Scotia Power confirmed that it has been targeted in what it described as a “sophisticated ransomware attack”.
“No payment has been made to the threat actor,” the utility clarified. “This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance.”
It also noted that the threat actor has published data stolen from its systems, and the company is currently working with cybersecurity experts to assess the nature and scope of the impacted information.
It’s unclear which ransomware group is behind the attack and where the data has been published. SecurityWeek has found no mention of Nova Scotia Power on any of the known ransomware groups’ leak websites at the time of writing.
Nova Scotia Power provides electricity to roughly 550,000 customers, and it said it’s sending out data breach notifications to approximately 280,000 of them.
The cybersecurity community has often warned about the risk of power grid hacking due to software and hardware vulnerabilities. However, the threat to power grids is not only theoretical, with state-sponsored hackers targeting such systems to cause disruption or for espionage.
Related: Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People
Related: Coinbase Says Rogue Contractor Data Breach Affects 69,461 Users
Related: UK Legal Aid Agency Finds Data Breach Following Cyberattack
