Particle.news

Download on the App Store

Privacy commissioner probes Nova Scotia Power over theft of 280,000 customer records

The investigation will examine whether the utility’s actions after a March ransomware attack sufficiently protect customers from identity fraud.

Overview

  • Federal privacy commissioner Philippe Dufresne opened a formal probe on May 28 into a March 19 ransomware attack that exposed personal information of roughly 280,000 Nova Scotia Power customers.
  • Nova Scotia Power confirmed hackers stole and published on the dark web customer names, birth dates, email and home addresses, account details, driver’s licence numbers and some bank account numbers.
  • In late April, the utility mailed breach notifications to affected customers and offered a two-year credit monitoring subscription through TransUnion Canada.
  • Dufresne’s investigation is assessing the company’s breach containment steps, customer notification process and measures to reduce risks of fraud and identity theft.
  • Cybersecurity experts have criticized the utility’s notification letters for lacking detail and advise customers to monitor financial accounts and consider protections beyond the two-year monitoring period.