Nova Scotia Power says it will offer five years of free credit monitoring to all current and former customers following a ransomware attack that may have exposed sensitive personal information.
The utility says an investigation has confirmed that data belonging to former customers was also taken by an unauthorized third party on or around March 19. That’s in addition to the previously reported breach affecting current customers.
The utility says it does not know the full scope of the data yet, but it “cannot rule out the possibility” that some or all of the following information was impacted.
That includes names, phone numbers, email addresses, mailing and service addresses, power usage details, billing history, customer correspondence, and driver’s licence numbers. In some cases, Social Insurance Numbers and bank account information tied to pre-authorized payments may also have been accessed.
Nova Scotia Power says all customers, whether or not they received a notification letter, will be eligible for five years of free credit monitoring. Those already signed up for the service will have their coverage extended automatically.
The company says employee volunteers will be deployed to locations across the province to help customers register for the service in person. Tips on how to sign up and protect against identity theft will also be included in upcoming bills and posted online.
Nova Scotia Power says it is permanently deleting all SINs from its system and is cooperating with investigations by the Office of the Privacy Commissioner of Canada and the Nova Scotia Energy Board.
The utility says its customer service line is open Monday through Friday from 8 a.m. to 6 p.m. at 1-800-428-6230.
NS Power CEO grilled
Provincial politicians took aim at Nova Scotia Power during a legislative committee meeting earlier this month.
The utility’s CEO and other staff were grilled by the public accounts committee about how the breach happened and what the company will do to protect its customers from financial harm. The attack has impacted almost half of the utility’s customers, including 140,000 that had given their SINs.
Chris Heck, chief digital officer with Nova Scotia Power’s parent company Emera, told the committee that the company identified unusual activity on their server on April 25, but later determined the cyber-thieves had accessed the system as early as March 19.
NDP Leader Claudia Chender pressed the two men to explain why Nova Scotia Power had been storing the social insurance numbers, but they declined to say, citing an ongoing investigation.
With files from The Canadian Press.