On April 25, 2025, Canadian electric utility Nova Scotia Power and its parent company Emera disclosed a significant cybersecurity incident involving unauthorized access to parts of their Canadian IT network and business application servers. While no power outages occurred and physical infrastructure remains unaffected, the attack has disrupted digital services, including customer support phone lines and the online portal critical tools for customer engagement and service management.

Incident Summary

Following detection of the breach, impacted servers were immediately shut down and isolated to contain the threat. As of April 28, Emera and Nova Scotia Power reported ongoing efforts to restore affected systems. No updates have been issued since, and the scope of potential data exposure particularly involving customer or confidential business information is still under investigation.

What This Means for the Sector

This attack highlights the persistent and evolving cyber threats facing critical infrastructure providers. Although the power grid and core operations were not compromised, the targeting of business systems and customer-facing platforms underscores a strategic focus on digital disruption, rather than physical sabotage. Such incidents can erode public trust and hamper the ability to serve customers even without interrupting utility services.

While no ransomware group has claimed responsibility at this time, the characteristics of the attack were unauthorized access, server isolation, and service disruptions aligned with tactics often seen in ransomware operations. It is not uncommon for threat actors to delay public claims or data leaks as negotiations or internal investigations unfold.

Key Takeaways

• Resilience Beyond the Grid: Cybersecurity for utilities must extend beyond operational technology (OT) to encompass all IT systems, particularly those involved in customer interaction and internal business operations.
• Incident Transparency: Timely and transparent communication is vital. Extended information gaps may fuel speculation, increase customer frustration, and damage institutional credibility.
• Data Governance: Utilities and other critical infrastructure providers must prioritize strong data protection and cyber hygiene practices. Regular audits, segmentation of sensitive environments, and rapid incident response protocols are essential.
• Preparedness and Training: This incident serves as another reminder that proactive threat modeling, cross-functional security exercises, and organization-wide awareness are crucial in reducing risk and ensuring swift recovery when incidents occur.

How InflexionPoint Helps Safeguard Your OT Network

• At InflexionPoint, we understand the evolving threat landscape facing utilities and critical infrastructure providers. Our solutions are designed to protect both legacy systems and modern OT networks before attackers can do damage:
• Continuous Monitoring – Real-time visibility for detecting intrusions early.
• Network Segmentation & Access Control – Prevents lateral movement once inside.
• Threat Intelligence & Incident Response – Proactive defense and rapid response.
• Security Assessments & Compliance – Ensures alignment with standards like NERC CIP and IEC 62443.
• Legacy System Protection – Secures aging assets without interrupting operations.
• Don’t Wait for a Breach
  As the Nova Scotia Power incident shows, threats can surface without warning and even non-OT systems can be exploited. Now is the time to get ahead of the risk.
• Contact InflexionPoint today for a tailored OT security assessment.
   Visit inflexionpoint.ai to learn more.

Pointman’s Final Thoughts

While the investigation continues, Nova Scotia Power and Emera’s swift containment actions appear to have prevented broader service disruptions. However, this incident reinforces the growing need for utilities and all critical infrastructure providers to invest in robust cybersecurity strategies not just to keep the lights on, but to keep their digital systems, data, and customer trust intact.