In a shocking revelation, Nova Scotia Power, the largest electricity provider in the region, has announced that the impacts of a significant cyberattack that occurred back in March could be far more extensive than initially believed.

Initially, back in May, the company reported that around 277,000 customers—about half of its client base—might have had their personal information compromised. However, recent findings suggest that potentially all customers could be affected in some shape or form.

This alarming update stems from a detailed report submitted to the Nova Scotia Energy Board, currently investigating the breach. The report emphasized, “The investigation remains complex due to the severity of the cyberattack, and there is a real possibility that all customers have been impacted.”

The stolen data includes a treasure trove of sensitive information: names, birthdates, emails, home addresses, account details, and in some cases, even bank account numbers and social insurance numbers.

Disturbingly, the utility has admitted it cannot provide individual customers with specifics about what information was stolen from them. The report states, “Due to the nature of the breach and the complexity of the systems, it is impossible to determine the exact data accessed on a personal level.”

The breach was first identified on April 25, leading Nova Scotia Power to enlist help from the RCMP and Canadian Security Intelligence Services by April 27, with public notification occurring on April 28.

While the company claims that physical operations have not been disrupted, it confirmed that the attack has hindered its ability to automatically collect electricity usage data from smart meters. As a result, estimated billing based on past usage began in June, causing many customers to receive unexpectedly high bills.

In an effort to alleviate concerns, the report mentions, “NS Power is working hard to maintain a standard billing schedule as much as possible.”

Furthermore, the company revealed in July that the breach also affected former customers, but they still lack specifics about how many individuals fall into that category, adding, “The information about former customers is limited.”

In response to the incident, Nova Scotia Power announced on May 14 that the consumer reporting agency TransUnion would provide affected customers with two years of complimentary credit monitoring, which has since been extended to five years for all clients.

The utility reassured the public that customers would not incur costs for these essential services, yet, there remains uncertainty about whether compensation will be provided for potential losses incurred due to the breach.