Nova Scotia Power, a North American electric utility, is notifying customers in Canada and the United States of a cyber attack that affected their power meters.
In April, Nova Scotia Power and its American parent company Emera were the victims of a targeted ransomware attack that resulted in data exfiltration.
Nova Scotia cyber attack disrupted power meters
Nova Scotia Power attributed the power meter failure to the previous ransomware attack that had disrupted operations and leaked personal data.
While the power meters continued to record accurate readings, the cyber attack disrupted their communication with the company’s systems.
“Since the cyber incident discovered on April 25, power meters have continued to function and gather accurate energy usage data from homes and businesses across the province,” the company stated. “However, due to the cyber incident, the meters have not been able to communicate that data to our systems.”
Subsequently, Nova Scotia was forced to send bill estimates based on the power meters’ previous readings.
“As a result, we initially paused customer billing and have recently resumed billing with most customers receiving estimated bills until our systems are restored and meters begin communicating again,” it stated.
However, the electric utility assured its customers that it would start sending contractors to read the power meters and update its systems. Customers whose power meters would be inaccessible would continue to receive estimated bills based on their previous usage trends.
Americans and Canadians affected
The April 2025 cyber attack responsible for disrupting power meters also affected approximately 280,000 customers, according to a cyber incident notification filed with the Office of the Maine Attorney General.
However, the company did not specify how many Americans vs Canadians were affected by the cyber attack, apart from the 377 Maine residents.
During the attack, the threat actors exfiltrated personal data of current and former customers. While details leaked vary by individual, they could include customer names, dates of birth, phone numbers, email addresses, mailing addresses, driver’s license numbers, and Canadian Social Insurance numbers.
Customer power account information, such as their usage history, and billing and credit details, was also potentially compromised. The cyber attack also potentially leaked customers’ financial information, such as their bank account numbers.
Meanwhile, Nova Scotia Power encourages impacted customers to remain vigilant for potential phishing attacks that could leverage the stolen personal information. It also advised customers to confirm the identities of contracted power meter readers by checking their badges.
However, the identity of the threat actor remains unknown, and no cybercrime group has taken credit for the Nova Scotia Power cyber attack.
Critical infrastructure under attack
While no evidence suggests that the recent cyber attack was state-sanctioned, America’s northern ally is not immune to state-sponsored threats targeting its critical infrastructure.
Additionally, Nova Scotia Power’s parent company Emera serves American customers, making it a potential target for a politically motivated cyber attack by traditional U.S. adversaries such as Russia, China, Iran, and North Korea. It also serves as a lucrative target for financially motivated cybercriminals which could be the case in this attack.
“This incident underscores a persistent and dangerous gap between IT and OT security teams,” opined Debbie Gordon, CEO and Founder, Cloud Range. “As smart meters and other operational technologies become increasingly connected to enterprise networks, many organizations still operate in silos-leaving critical infrastructure exposed.”
Earlier in July, a coalition of U.S. security and intelligence agencies warned critical infrastructure organizations of potential Iranian-linked cyber attacks in light of recent political developments.
However, the greatest threat originates from China, whose state-backed threat actors have deeply burrowed into the U.S. critical infrastructure, awaiting the right moment to launch disruptive cyber attacks during a geopolitical conflict.
