Theft of NS Power customer data is likely ransomware attack: security experts

This report by The Canadian Press was first published May 13, 2025.

MICHAEL TUTTON

HALIFAX — Security experts say the theft of customer data from Nova Scotia’s electric utility has the hallmarks of an extortion attempt by cybercriminals.

In a news release following the April 25 data breach, the utility said it notified police about the theft and confirmed that “certain customer personal information was accessed and taken by an unauthorized third party.”

Nova Scotia Power, however, refuses to say whether it was being extorted by criminals. But cybersecurity experts have little doubt about what happened.

The breach at the utility “walks, talks, barks like a ransomware attack” or other similar forms of cyber extortion, David Shipley, CEO of New Brunswick-based Beauceron Security, said in a recent interview.

Ransomware extortionists use malicious software to infiltrate a system and prevent companies from accessing their files, then demand a ransom, often in cryptocurrency, to unlock them. Shipley said there are also instances of “double extortion,” cases in which cybercriminals steal data and threaten to sell it unless they are paid.

The difficulty in the ransomware scenario is bringing the extortion to an end, Shipley said. A recent example, he said, is the breach last December of data belonging to students and staff across Canada held in the PowerSchool system. The Toronto District School Board said this week that four months after it paid a ransom to retrieve the personal information, the board discovered that a “threat actor” made a separate ransom demand in exchange for the same stolen data.

“So, you can’t exactly take it to the bank, even if you do pay them, that they’re going to delete the data,” Shipley said.

The cybercriminals could also sell the information on the “dark web” — a part of the internet accessible only through special software. “We see all kinds of crazy things with identity theft, and it can be extraordinarily painful for individuals. The average Canadian loses about $4,000 when their identity gets hijacked,” Shipley said.

Read the Full Story at CTVNews.ca
