The Nova Scotia Power data breach exposed sensitive information for more than 900,000 current and former customers, including driver’s license numbers and Social Insurance Numbers. The attack began with a SocGholish infection from a compromised website, followed by lateral movement, credential harvesting, data exfiltration and ransomware deployment before detection. #SocGholish #NovaScotiaPower
Keypoints
- The breach affected roughly 375,000 current customers and 540,000 former customers.
- An employee visiting a compromised website allowed SocGholish to gain an initial foothold.
- Attackers escalated privileges, moved laterally, and harvested credentials over several weeks.
- Data was exfiltrated from on-premises and cloud systems, then ransomware was deployed and backups were destroyed.
- Notifications were delayed, prompting regulatory scrutiny and a commitment by Nova Scotia Power to strengthen protections and offer extended identity monitoring.
Read More: https://thecyberexpress.com/nova-scotia-power-data-breach-2/