Canadian power utilities Emera and Nova Scotia have suffered cyber attacks that forced the companies to shut down some business application servers.
Halifax-based Emera provides electric and natural gas utilities to approximately 2.6 million customers across Canada, the U.S., and the Caribbean. It employs about 7,600 people and reported a net income of $849 million in 2024.
Managing about $5 billion worth of electric generation, Nova Scotia Power employs about 2,300 workers and serves over 500,000 people in the Canadian eastern province, in which it holds a 95% market share.
On April 25, 2025, Emera and Nova Scotia said they discovered unauthorized access to their Canadian-based business application servers.
Canadian power utilities shut down systems after simultaneous cyber attacks
Upon detecting the unauthorized access, the power utilities activated their incident response and business continuity protocols, isolated the affected systems, and hired third-party cyber forensics. They also reported the cyber attacks to the relevant law enforcement authorities.
Although there was no physical interruption of electricity generation and distribution, the precautionary measure disrupted online portals and customer care lines, impacting customer service.
“There remains no disruption to any of our Canadian physical operations, including at Nova Scotia Power’s generation, transmission, and distribution facilities, the Maritime Link or the Brunswick Pipeline, and the incident has not impacted the utility’s ability to safely and reliably serve customers in Nova Scotia,” the power utilities said in a joint statement. “There has been no impact to Emera’s U.S. or Caribbean utilities.”
For now, the power utilities are investigating whether the cyber attacks resulted in the exposure of sensitive corporate, employee, or customer information.
Meanwhile, Emera and Nova Scotia technicians are working tirelessly to restore all affected systems online. However, the power utilities remain tight-lipped on whether the cyber attacks involved ransomware. Similarly, no cybercrime group has taken credit for the Emera and Nova Scotia cyber attacks.
Cybar attacks targeting critical infrastructure
Cybercriminals, including state-sponsored actors, frequently target critical infrastructure organizations such as power utilities for financial reasons or cyber warfare.
In 2023, U.S. authorities discovered that Chinese state-sponsored actors, Volt Typhoon, had entrenched themselves on the U.S. power grid for nearly a year.
Coincidentally, the Canadian power cyber attacks occurred when Spain and Portugal experienced widespread power outages. The blackouts shut down various businesses across the Iberian Peninsula, including Madrid’s Barajas International Airport and Lisbon’s Humberto Delgado Airport.
They also forced many European airlines to cancel flights, leaving many passengers stranded. Besides airports, the power outages also disrupted hospitals, forcing them to cancel surgeries.
The simultaneous cyber attacks also coincided with Emera preparing to release its Q1 Financial Statements and Management Disclosure and Analysis on May 8, 2025, which the company said will proceed as planned. Similarly, no material impact on the company’s operations or its financial condition was anticipated.
“At this time, the incident is not expected to have a material impact on the financial performance of the business,” the company said.
In 2021, CISA warned that extortion cyber attacks occur during financially significant moments when threat actors have leverage on companies, making them more likely to pay the ransom to prevent any damaging information from leaking.
