Nova Scotia Power President Peter Gregg
The federal government says people do not have to provide their SIN (Social Insurance Number) to sign up for utility service in Nova Scotia
CP Editors note: The following text has been primarily excerpted from the Halifax Examiner’s article of June 4 ‘What we heard here today was speaking points’: Grilled by Members of the legislature’s public accounts committee, Nova Scotia Power executives provide few answers about cyberattack
BY JENNIFER HENDERSON JUNE 4, 2025
On May 13, Nova Scotia Power sent a letter telling 280,000 customers their name, address, email, and banking information may have been published on the dark web by a “threat actor” after the company refused to pay a ransom.
In addition, it told 140,000 customers who had provided the company with their Social Insurance Numbers (SINs) they could be particularly vulnerable to scams and identity theft now that some information had been published on the dark web.
Politicians pressed the Nova Scotia Power president on why the company collected and saved that information in the first place.
Since at least 2018, federal privacy laws and directives from Service Canada advise private companies not to ask for SINs as a way of verifying an individual’s identity, and customers are never legally required to provide their SIN information to anyone except Service Canada and their bank.
“Why has Nova Scotia Power been storing Social Insurance Numbers for 50 years,” PC MLA White asked.
“I’m sorry I’m not able to give you that answer today, but the commitment is to provide that answer as soon as we know it,” Nova Scotia Power president Peter Gregg told White.
Reporters did learn from Gregg that Nova Scotia Power stopped collecting and asking for SINs about five years ago. No reason was given.
Nova Scotia Power’s privacy officer was not on the witness panel, and there remains no explanation for why the company didn’t delete the 140,000 SINs from its database after it changed its policy five years ago.
At the end of the committee’s two hour session with Nova Scotia Power, it’s unclear whether the company’s cybersecurity defenses are robust enough to prevent another cyberattack.
NS Power President reportedly refuses to reveal his SIN number to Court Painter…
Members of the legislature’s public accounts committee have passed a motion asking the auditor general to examine the cyberattack at Nova Scotia Power that led to the theft of personal information affecting 280,000 Nova Scotians.