Overview
- Federal privacy commissioner Philippe Dufresne opened a formal probe on May 28 into a March 19 ransomware attack that exposed personal information of roughly 280,000 Nova Scotia Power customers.
- Nova Scotia Power confirmed hackers stole and published on the dark web customer names, birth dates, email and home addresses, account details, driver’s licence numbers and some bank account numbers.
- In late April, the utility mailed breach notifications to affected customers and offered a two-year credit monitoring subscription through TransUnion Canada.
- Dufresne’s investigation is assessing the company’s breach containment steps, customer notification process and measures to reduce risks of fraud and identity theft.
- Cybersecurity experts have criticized the utility’s notification letters for lacking detail and advise customers to monitor financial accounts and consider protections beyond the two-year monitoring period.