Nova Scotia Power victim of ‘sophisticated ransomware attack'

This report on the Nova Scotia Power ransomware incident serves as a critical reminder of the vulnerabilities even in our essential infrastructure. The attackers successfully exfiltrated sensitive data for approximately 280,000 customers—including names, SINs, and banking details—and subsequently published it, likely due to NSP’s commendable stance of not paying the ransom, a decision aligned with law enforcement guidance. The incident underscores the necessity for utilities to continually invest in advanced threat detection, robust incident response plans, and comprehensive data loss prevention strategies. The provision of two years of credit monitoring for affected customers is a standard reactive measure, but the core lesson here is the ongoing sophistication of ransomware gangs and the imperative for organizations to proactively harden systems, segment networks, and ensure immutable backups are in place to minimize both operational disruption and data compromise.