In the wake of a major cyberattack earlier this year, Nova Scotia Power — the province’s largest electric utility — is facing intense scrutiny after months-long payment delays to contractors and suppliers. The ransomware attack, which compromised sensitive customer data, has disrupted operations and led to widespread financial strain for local businesses.
1. Overview of the Cyberattack
In March, Nova Scotia Power fell victim to a severe ransomware attack, disrupting its internal systems and delaying financial operations. Hackers reportedly attempted to steal personal data from more than 200,000 customers.
2. The Impact on Contractors and Suppliers
Due to the attack, contractors and suppliers have not been paid for months. Some companies claim to be owed hundreds of thousands of dollars. For instance, Marid Industries reported outstanding payments between $60,000 and $70,000, causing significant cash flow problems for local firms.
3. Nova Scotia Power’s Official Response
Company spokeswoman Jacqueline Foster issued an apology, acknowledging the delays:
“We are extremely sorry for the delays in payments… invoices are being paid but we know it’s causing real issues for our partners.”
Foster confirmed that dozens of additional staff members were hired to speed up manual payment processing, which became necessary after IT systems were compromised.
4. How the Cyberattack Unfolded
According to the utility, hackers infiltrated the company’s network through ransomware. This type of attack locks digital systems until a ransom is paid, creating operational chaos. The company has been working “around the clock” to safely restore data and payment functions.
5. What Kind of Data Was Stolen
The Nova Scotia Energy Board revealed that sensitive customer data was exposed, including:
- Names and birth dates
- Email and home addresses
- Driver’s licence and bank account details
- Social Insurance Numbers (in some cases)
The board said the company cannot specify which customers were affected due to the complexity of the breach.
6. Repercussions for Customers
Following the incident, Nova Scotia Power began issuing estimated electricity bills instead of actual readings from smart meters, leading to complaints about inflated charges. Despite this, electricity generation and distribution have not been disrupted.
7. The Issue of “Prompt Payment” Legislation
Contractors say the crisis underscores the absence of prompt payment laws in Nova Scotia. Tim Houtsma, CEO of Marid Industries, criticized the government:
“The consultation started two or three years ago, and the file has gone completely silent.”
Without such legislation, small and medium businesses are left vulnerable to financial instability when payments are delayed.
8. Response from the Nova Scotia Energy Board
The independent Nova Scotia Energy Board has been investigating the cyberattack’s impact on data security and billing. The board called the incident “severe and complex,” noting the difficulty of identifying individual data breaches.
9. Compensation and Credit Protection for Customers
To mitigate the impact, Nova Scotia Power partnered with TransUnion to offer affected customers five years of free credit monitoring. Initially, the offer was only two years but was later extended after public pressure.
10. What’s Next for Nova Scotia Power
While the company expects to clear all pending invoices by the end of the year, the situation has raised critical questions about cybersecurity preparedness, payment transparency, and data protection for Canadian utilities.