News release
Nova Scotia Power commits to strengthening security measures
March 25, 2026 – Gatineau, Quebec
Nova Scotia Power has committed to take steps to strengthen its security measures following a cyberattack that impacted more than 900,000 current and former customers.
Through a compliance letter that includes specific commitments, the company has agreed to implement measures to ensure stronger privacy protections for Nova Scotia Power customers going forward.
Privacy Commissioner of Canada Philippe Dufresne launched an investigation into the 2025 data breach after receiving numerous complaints.
The breach, which was discovered on April 25, 2025, occurred after a threat actor was able to gain access to the Nova Scotia Power systems.
Nova Scotia Power determined that approximately 375,000 of its existing customers and approximately 540,000 former customers were affected by the breach. Compromised personal information included names, phone numbers, email addresses, mailing addresses, dates of birth, account histories, driver’s license numbers and social insurance numbers.
Following the breach, Nova Scotia Power took steps to mitigate further risks, including enhancing its security measures. The company has also offered credit monitoring and identity protection services to all customers.
The Commissioner’s investigation into Nova Scotia Power will remain open until he is satisfied that the company has fulfilled all of its commitments.
Quote
“I welcome this commitment by Nova Scotia Power to ensure stronger protections for the personal information of its customers. This privacy breach highlights the significant risks of cyberattacks to individuals and companies. Strong, proactive data protection, including robust safeguards, must be prioritized by all organizations in this evolving landscape.”
Philippe Dufresne
Privacy Commissioner of Canada
Related link
Media contact
Office of the Privacy Commissioner of Canada
communications@priv.gc.ca
- Date modified: