HALIFAX — Nova Scotians have lost trust in the province's largest electric utility, provincial politicians said Wednesday during a heated committee meeting that raised tough questions about the recent ransomware attack on Nova Scotia Power.
The cybersecurity breach gave thieves access to personal and financial data belonging to 280,000 ratepayers — about half of the utility's customers.
Members of the public accounts committee grilled Nova Scotia Power CEO Peter Gregg and two other senior staff members, asking them how the breach happened and what the company will do to protect ratepayers from financial harm.
"We understand it is very concerning, and we're working hard to address customer issues and to continue to strengthen our systems as we work to restore and rebuild," Gregg told the committee.
By the time the meeting was over, however, the executives had very little new information to share.
"We have, as far as we understand, 140,000 Nova Scotians who have had their social insurance numbers stolen, and those people are furious," NDP Leader Claudia Chender told the committee.
Gregg said the company, a subsidiary of Halifax-based Emera Inc., identified unusual activity on their servers on April 25, but they later determined the cyber-thieves had accessed the system as early as March 19.
The utility has since sent letters to customers informing them the stolen data may include their names, birth dates, email addresses, home addresses, customer account information, driver's licence numbers and, in some cases, bank account numbers and social insurance numbers.
The cyberattack affected almost half of the utility's 525,000 customers.
Gregg confirmed the company had previously collected social insurance numbers to authenticate customers’ identities in cases where multiple customers had the same name, but he said that practice has stopped.
The utility now requests only the last three digits of each customer's social insurance number, which is not stored.
Still, Chender pressed utility executives to explain why Nova Scotia Power continues to store the full social insurance numbers it had previously collected. But they declined to say, citing an ongoing investigation.
"I don't have an answer for you today," Gregg said.
Chender said Gregg's response was disappointing. "With stronger safety protocols, Nova Scotians would be protected," she said.
The NDP leader went on to ask how affected ratepayers would be compensated for potential losses. Again, Gregg did not directly answer, saying the utility is offering customers a two-year subscription for credit monitoring, which might be extended.
Progressive Conservative member Brian Wong said Nova Scotians deserve better.
"We have Nova Scotians that aren't just scared, they're angry," he told Gregg.
When asked by multiple committee members if Nova Scotia Power would commit to covering the costs of the breach internally rather than handing the bill to ratepayers, Gregg again avoided a direct answer.
He said Nova Scotia Power's cybersecurity insurance would likely cover many expenses, but he said the utility doesn't yet know the cost of the breach. "Until we get further into this investigation and determine total cost, I can't give you a yes or no answer."
Liberal member Derek Mombourquette said Nova Scotia Power's first step towards rebuilding public trust should be promising not to pass on costs to consumers who have long complained about soaring electricity bills and frequent power outages.
"There is no trust with Nova Scotia Power right now," Mombourquette said after the meeting. "I don't believe what we heard in the committee today has done any more to reassure the customers."
As the meeting concluded, Chender put forward a motion to request the province's auditor general investigate the breach, which was adopted.
Meanwhile, the federal privacy commissioner has already launched an investigation. Philippe Dufresne issued a statement last week saying he started the probe after receiving complaints about the security breach in April.
This report by The Canadian Press was first published June 4, 2025.
Lyndsay Armstrong, The Canadian Press
