A recent cyberattack on Nova Scotia Power has exposed customer data and disrupted business operations, though the company says its ability to deliver electricity remains intact. If you manage cybersecurity or IT risk for critical infrastructure or utility-connected operations, this is one to watch.

The breach was discovered on April 25, when Nova Scotia Power and its parent company, Emera, detected unauthorized access to servers tied to their business applications. In response, the affected systems were immediately shut down and isolated, which led to disruptions to online services and customer support phone lines.

There was no impact to physical operations, according to the company. Power generation, transmission, and distribution remained unaffected—an important distinction, especially for stakeholders monitoring threats to OT environments.

But the real concern lies in what the attackers did manage to access: customer personal information. Nova Scotia Power confirmed the data theft but hasn’t yet disclosed the number of individuals affected or the specific types of data compromised.

The investigation is ongoing, and impacted customers will be notified directly once more information becomes available. In the meantime, the utility is urging users to be cautious of phishing attempts and any suspicious messages that appear to come from the company.

So far, there’s no confirmation this was a ransomware attack, and no group has claimed responsibility. That leaves some questions unanswered, especially for security teams trying to assess whether the intrusion reflects a broader campaign targeting North American utility providers.

Nova Scotia Power serves approximately 550,000 customers, while Emera’s utility footprint spans 2.6 million customers across Canada, the U.S., and the Caribbean. For organizations connected to this ecosystem—or simply trying to stay ahead of infrastructure threats—this breach highlights how business-side systems continue to be an attack surface with downstream security implications.