Illustration: JMiks | Shutterstock
Canadian energy provider Nova Scotia Power has admitted that ransomware attacked it. The data stolen from the company affects 280,000 out of its 550,000 customers.
The cyberattack was initially disclosed by the power company and its parent company, Emera, on April 28, with a follow-up confirmation on May 1 admitting that hackers got away with customer data. In another update on May 14, the company confirmed the breach and claimed the following data was stolen:
- Name and birthday
- Phone number
- Email address
- Service and mailing address
- Driver’s license number
- Social insurance number
- Power consumption
- Service request
- Payment, billing, and credit history
- Bank account numbers for pre-authorised payments.
However, at the time, the attack was only deemed a “cyberattack” with no information on the attack vector or damage to the company’s systems. In its latest update, Nova Scotia Power has confirmed the attack to be a “sophisticated ransomware attack.” The name of the threat actor wasn’t mentioned, and Candid.Technology hasn’t spotted any major ransomware groups claiming responsibility for the attack at the time of writing.
No ransom has been paid yet, and the update didn’t include the ransom demand. That said, the hackers have published the stolen data, and the company is working with third-party security experts to “assess the nature and scope of the information that may have been impacted.”
The stolen data makes it easier for hackers and other cybercriminals to launch phishing attacks for identity theft or financial fraud. The company has already sent out notifications to affected individuals and is offering two years of free credit-monitoring service from TransUnion. Regardless, all customers are advised to remain vigilant and look out for scamming attempts from hackers impersonating Nova Scotia and asking for personal details.
In the News: Hackers are using fake TikTok tips to spread malware
