Thieves gain access to about 140,000 social insurance numbers in NS Power database
Advertisement
Read this article for free:
or
Already have an account? Log in here »
To continue reading, please subscribe:
Monthly Digital Subscription
$1 per week for 24 weeks*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $4.00 plus GST every four weeks. After 24 weeks, price increases to the regular rate of $19.95 plus GST every four weeks. Offer available to new and qualified returning subscribers only. Cancel any time.
Monthly Digital Subscription
$4.99/week*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $19.95 plus GST every four weeks. Cancel any time.
To continue reading, please subscribe:
Add Free Press access to your Brandon Sun subscription for only an additional
$1 for the first 4 weeks*
*Your next subscription payment will increase by $1.00 and you will be charged $16.99 plus GST for four weeks. After four weeks, your payment will increase to $23.99 plus GST every four weeks.
Read unlimited articles for free today:
or
Already have an account? Log in here »
Hey there, time traveller!
This article was published 29/05/2025 (302 days ago), so information in it may no longer be current.
HALIFAX – Nova Scotia Power’s CEO says up to 140,000 social insurance numbers could have been stolen by cyber-thieves who recently hacked into the utility’s customer records.
Peter Gregg said in an interview Thursday that the privately owned utility collected the numbers from customers to authenticate their identities.
“If there are a number of John MacDonalds, it (the social insurance number) determines which one we (the utility) are talking to,” Gregg said during the interview at the Halifax headquarters of the Emera subsidiary.
On May 23, Gregg said the data of about 280,000 Nova Scotia Power customers was breached in a ransomware attack — more than half of the total. Asked Thursday how many of these records contained the confidential, nine-digit social insurance numbers, Gregg replied, “approximately half.”
Cybersecurity expert Claudiu Popa questions why a utility would need to keep this kind of data about customers for customer authentication purposes.
The founder of the non-profit group KnowledgeFlow says there are less risky ways to identify customers with similar names than to store their social insurance numbers.
“It clearly states on government websites that using one of a person’s most confidential identifiers is not the recommended approach to identifying individuals,” he said in an interview Thursday.
The federal government’s website says the numbers are for work applications and government records, and it advises people not to share them unless it’s legally required.
It also notes that thieves can use the numbers to commit fraud, including attempting to access government benefits and tax refunds.
“There’s an almost infinite number of ways that these numbers can be used in fraud,” said Popa.
Gregg said that the social insurance numbers weren’t required from its customers, and they offered them voluntarily.
The breach of the customer records was first reported in late April, and the company later indicated the first breach was detected in mid March.
Popa has said the company should by now have provided more precise information to each customer about what personal data was stolen, and given explicit warnings about potential harm.
Gregg said that more details will be provided as IT staff and other cybersecurity consultants continue working to obtain the information.
“We want to be careful to say what we know and not what we think,” he said.
“As we get deeper into the investigation and we are able to confirm details, that information will be shared with our customers.”
This report by The Canadian Press was first published May 29, 2025.