Nova Scotia Power Data Breach Exposes Data of 900,000 Customers
Severity: High (Score: 71.0)
Sources: Globalnews.Ca, Thecyberexpress, Priv.Gc.Ca, Halifax.Citynews.Ca, Coastreporter
Summary
A data breach at Nova Scotia Power, discovered on April 25, 2025, compromised sensitive information of over 900,000 customers. The breach began on March 19, 2025, when an employee clicked on a malicious pop-up linked to 'SocGholish' malware. This allowed attackers to gain access to the network, escalate privileges, and conduct internal reconnaissance. Data was exfiltrated between April 23 and April 25, 2025, followed by ransomware deployment that disrupted services. The breach affected approximately 375,000 current and 540,000 former customers, exposing names, contact information, account details, and Social Insurance Numbers. Nova Scotia Power has since committed to enhancing its security measures and deleting sensitive data. No ransom was paid, and there is no evidence that the stolen data has been sold or publicly released. The Privacy Commissioner of Canada is conducting an ongoing investigation into the incident.
Key Points:
- Over 900,000 customers affected by the Nova Scotia Power data breach.
- Breach initiated via malware from a compromised pop-up clicked by an employee.
- Nova Scotia Power committed to improving security and deleting sensitive data.
Key Entities
- Data Breach (attack_type)
- Malware (attack_type)
- Ransomware (attack_type)
- Nova Scotia Power (company)
- Canada (country)
- Russia (country)
- priv.gc.ca (domain)
- SocGholish (malware)
- T1003 - OS Credential Dumping (mitre_attack)
- T1021 - Remote Services (mitre_attack)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1486 - Data Encrypted for Impact (mitre_attack)