Nova Scotia’s energy regulator will hold two separate inquiries into last year’s cyberattack at Nova Scotia Power and the utility’s handling of customer information and billing, deepening scrutiny of cybersecurity and governance at the workplace.

The March 2025 cyberattack exposed personal information for about 280,000 customers at the privately owned utility. Company officials have said the attack was likely carried out by a Russia-based actor, The Canadian Press (CP) reported.

The main inquiry by the Nova Scotia Energy Board will focus on the utility’s preparedness and response to the cyber incident. According to CP, the regulator plans to examine Nova Scotia Power’s cybersecurity assets, policies, planning and staff training prior to the breach, along with the utility’s technical response and recovery measures in the months that followed.

The board will also review what security enhancements have been implemented since the attack, CP reported. Hearings have not yet been scheduled.

Data handling and billing practices under the microscope

A second, distinct inquiry will probe how Nova Scotia Power collected, stored and used customer data, as well as how it estimated bills after it lost communication with power meters during the cyber incident. The regulator’s decision follows months of public complaints, legal threats and political pressure over billing spikes, according to CP.

Politicians have reported that some constituents experienced sudden increases in their power bills and even received consecutive charges within short periods. Premier Tim Houston, who also serves as provincial energy minister, wrote to the energy board in December calling for a separate investigation into those issues, CP reported.

This second inquiry will look at data governance, protections against fraud and identity theft, how estimated bills were calculated, and how the company communicated with customers. It will also assess the broader business impacts of the incident. Hearings in that process are scheduled for July.

Premier’s office demands accountability

Houston’s office has sharply criticized the utility’s handling of billing in the wake of the breach. The premier’s communications director, Stephen Moore, said that Nova Scotia Power must be held accountable for its response, according to the CP report.

He said there is still no clarity around how estimated bills were produced and that there has been little urgency to correct them. Moore added that the utility has caused confusion, financial strain and a loss of public confidence in the power system.

“They’re leaving many customers in the dark. This is unacceptable. Nova Scotians deserve better,” he wrote, according to the report.

“We’re not satisfied on any front. That’s why, as energy minister, the premier called on the energy board to launch a formal investigation into billing practices, work to get all systems back online and protections and support for customers. This matter deserves as much scrutiny as the cybersecurity incident itself in order to hold Nova Scotia Power to account.”

In his December request to the Nova Scotia Energy Board, Houston said Nova Scotians “deserve transparency, fairness, and accountability from Nova Scotia Power” and reported hearing from “far too many Nova Scotians who have experienced inaccurate billing and a lack of responsiveness from the utility,” according to a previous CityNews report.

Utility pledges co-operation

Nova Scotia Power, owned by Emera Inc., has said it welcomes the inquiries and will fully co-operate with the energy board and with a separate investigation by the Office of the Privacy Commissioner of Canada. The utility says it has been providing monthly updates to the board since the attack, CP reported.

“We are fully committed to transparency and have been keeping our customers and regulators regularly informed since the cyber incident occurred,” spokesperson Jacqueline Foster said, according to the report.

Company officials said the utility’s system estimates bills using different assumptions for “warm” and “cold” months. They said November marked the switch to cold-month estimates, which contributed to a sudden spike in projected bills instead of a gradual rise as temperatures dropped.

The utility is also facing a proposed class action filed in December in the Supreme Court of Nova Scotia by Halifax-based MacGillivray Injury and Insurance Law. The claim alleges failures in data governance, responsiveness and billing accuracy affecting hundreds of thousands of customers. The allegations have not been tested in court.

At the same time, Nova Scotia Power has applied for residential rate increases totalling about eight per cent by 2027, including a proposed 3.8 per cent hike retroactive to Jan. 1 and a further 4.1 per cent increase on Jan. 1, 2027.