Nova Scotia Power, the primary electricity provider for the Canadian province, confirmed a cybersecurity breach on April 25, 2025, leading to the isolation of affected business servers. The incident involved unauthorized access to IT networks but did not disrupt power generation or transmission services1. The utility serves approximately 550,000 customers, representing 95% of the region’s power supply2.
Incident Timeline and Response
The breach was detected on Friday, April 25, with public disclosure following on April 28 after initial containment measures were implemented. Nova Scotia Power’s parent company Emera Inc. engaged third-party cybersecurity experts and notified law enforcement agencies1. Critical infrastructure systems including the Maritime Link and Brunswick Pipeline remained operational throughout the incident. Customer-facing portals like nspower.ca experienced temporary outages as IT teams worked to restore secure access3.
Technical Impact Assessment
Forensic analysis revealed the compromise targeted business servers rather than operational technology (OT) systems controlling physical infrastructure. This segmentation prevented cascading effects on power delivery. The company’s U.S. and Caribbean utilities under Emera’s portfolio were not affected1. Julien Richard of Lastwall noted the incident highlights persistent risks to identity access controls in critical infrastructure environments3.
| Affected Systems | Status |
|---|---|
| Customer service portals | Temporary outage during restoration |
| Business servers | Isolated and undergoing forensic review |
| Grid control systems | No operational impact |
Financial and Regulatory Context
Emera maintains its Q1 2025 financial reporting schedule for May 8, anticipating no material impact from the incident1. Nova Scotia Power had previously sought regulatory approval for a $6.8 million cybersecurity upgrade package, which remains pending3. The company’s stock dipped 0.85% following the disclosure, closing at C$60.89 on April 283.
Security Recommendations
For organizations managing critical infrastructure, this incident reinforces several defensive priorities:
- Maintain strict segmentation between IT and OT networks
- Implement continuous monitoring for identity and access management systems
- Conduct regular audits of third-party vendor access
The company continues to provide updates through official channels including Business Wire and CBC News13. No evidence of data exfiltration or ransomware deployment has been confirmed as of April 29, 2025.
References
- “Emera Reports Cybersecurity Incident”, Business Wire, 2025.
- “Emera, Nova Scotia Power confirm cybersecurity breach”, CBC News, 2025.
- ISSSource, Stockhouse, and CTV News coverage consolidated in research materials.
