Particle.news

Download on the App Store

Privacy commissioner probes Nova Scotia Power over theft of 280,000 customer records

The investigation will examine whether the utility’s actions after a March ransomware attack sufficiently protect customers from identity fraud.

Privacy Commissioner of Canada Philippe Dufresne waits to appear at the Standing Committee on Access to Information, Privacy and Ethics in Ottawa on Tuesday, Nov. 19, 2024. THE CANADIAN PRESS/ Patrick Doyle

Overview

  • Federal privacy commissioner Philippe Dufresne opened a formal probe on May 28 into a March 19 ransomware attack that exposed personal information of roughly 280,000 Nova Scotia Power customers.
  • Nova Scotia Power confirmed hackers stole and published on the dark web customer names, birth dates, email and home addresses, account details, driver’s licence numbers and some bank account numbers.
  • In late April, the utility mailed breach notifications to affected customers and offered a two-year credit monitoring subscription through TransUnion Canada.
  • Dufresne’s investigation is assessing the company’s breach containment steps, customer notification process and measures to reduce risks of fraud and identity theft.
  • Cybersecurity experts have criticized the utility’s notification letters for lacking detail and advise customers to monitor financial accounts and consider protections beyond the two-year monitoring period.