IndigenousNewfoundland and Labrador

N.S. Power hack: The dark web and how your stolen data will be used against you

Aaron Beswick
By Aaron Beswick
11 Min Read
ns.-power-hack:-the-dark-web-and-how-your-stolen-data-will-be-used-against-you
N.S. Power hack: The dark web and how your stolen data will be used against you

Published Jun 13, 2025  •  Last updated 15 minutes ago  •  6 minute readLearn what it means now that hackers will likely turn to selling the stolen personal information of 280,000 Nova Scotians on the dark web. Photo by Oleksii /Adobe StockBecause most of us don’t understand the dark web or the world of hacking, David Shipley uses a lot of metaphors.The chief executive officer of New Brunswick-based Beauceron Security compared the impact on the 280,000 Nova Scotia Power customers who had their private data stolen to radiation exposure.“It’s cumulative and it doesn’t go away,” he said Sunday.THIS CONTENT IS RESERVED FOR SUBSCRIBERS ONLY.Subscribe now to access this story and more:Unlimited access to the website and appExclusive access to premium content, newsletters and podcastsFull access to the e-Edition app, an electronic replica of the print edition that you can share, download and comment onEnjoy insights and behind-the-scenes analysis from our award-winning journalistsSupport local journalists and the next generation of journalistsSUBSCRIBE TO UNLOCK MORE ARTICLES.Subscribe or sign in to your account to continue your reading experience.Unlimited access to the website and appExclusive access to premium content, newsletters and podcastsFull access to the e-Edition app, an electronic replica of the print edition that you can share, download and comment onEnjoy insights and behind-the-scenes analysis from our award-winning journalistsSupport local journalists and the next generation of journalistsRegister to unlock more articles.Create an account or sign in to continue your reading experience.Access additional stories every monthShare your thoughts and join the conversation in our commenting communityGet email updates from your favourite authorsSign In or Create an AccountorArticle contentAs for the two years of free credit monitoring offered by Nova Scotia Power to those who had their data leaked:“It’s like a scan to tell you that you have cancer; it doesn’t fight the cancer,” said Shipley.To grasp his metaphor on how personal data leaks accumulate over time to make us all vulnerable to a growing online fraud industry, we’ll need to learn about the dark web and the marketplace there for our digital portraits, as well as what the criminals who operate there do with the information they steal, buy and sell.The dark webWhen we go “surfing the web,” we only see between four and six per cent of what’s on the internet. Those are the websites that are searchable by Google Chrome, Firefox or similar browsers.The vast majority of the internet is known as the deep web, composed of medical records, subscription services, online banking, etcetera.Article contentThe dark web is a tiny part of this deep web and accounts for about 0.01 per cent of the internet. To access it you need specialized browsers and have to be given a very long website address that takes you to a particular site. Every site is like a private gathering in a big city – someone has to have given you the address for you to attend.“It’s not inherently illegal,” said Srini Sampalli, a professor in Dalhousie University’s computer science program.“Law enforcement, journalists seeking access to uncensored information, security researchers use it. But there are also lots of illegal activities that take place there like the buying and selling of stolen data.”Nova Scotia Power hackOn May 23, Nova Scotia Power issued a written update on the hack of its systems, stating, “We have learned that the threat actor has published data that was stolen from our systems.”Article contentThe data stolen in March includes names, phone numbers, email addresses, mailing and service addresses, Nova Scotia Power program participation information, dates of birth and customer account histories (such as power consumption, service requests, customer payments, billing and credit history, and customer correspondence), bank account numbers, driver’s licence numbers and social insurance numbers.Nova Scotia Power hasn’t said how much of the data was published online.But Shipley warns affected customers shouldn’t take any comfort from the notion that only part of it may have been released on the dark web. Nova Scotia Power hasn’t said how much of the data stolen from its 280,000 customers has been published online. Photo by Tim Krochak /THE CHRONICLE HERALD“When negotiations fail (to get the victim to pay a ransom), the hackers release some of the data to prove they have it,” said Shipley.“This is the dance that goes on. If they’re really pissed, they’ll release all of it. But if they do that, it’s not worth anything. If (the victim) still refuses to pay the ransom, there are various other marketplaces where this information is bought and sold in bulk.”Article contentNova Scotia Power has stated that it hasn’t and won’t pay a ransom after “a careful assessment of applicable sanctions laws and alignment with law enforcement guidance.”The company knows which hackers attacked it. While there’s no hint of “who” there is one of ‘where” in the note that mentions the “assessment of applicable sanctions laws” – that is, a country or group within a country that Canada has sanctions against.Even if Nova Scotia Power did pay a ransom, it likely wouldn’t help those whose data was stolen.“There’s no guarantee that even if you paid the ransom that the information is safe,” said Sampalli.“It could be published at a later time or maybe they won’t respect your ransom at all after they have the money.”What’s next?If Nova Scotia Power doesn’t pay the ransom, usually the hackers will sell the data on dark web sites that work like marketplaces.Article content“There are groups that buy this data for pennies on the person; that’s what you’re worth on the dark web,” said Shipley.“Sometimes they’ll use it for identity theft. Sometimes they’ll combine it with other data on you from the web; the depth and breadth of what they can put together to create the digital jigsaw puzzle that is you can get really scary.”Read More NSP hack: Canada wanders undefended in a cybersecurity Wild West How to deal with the Nova Scotia Power cybertheft Nova Scotia Power can’t say why it stores customers’ social insurance numbers in database Nova Scotia Power customers to receive bills again after security breach The groups that buy the data do so to profit from it.Here’s how they do it:Goal 1 – Create a fake digital you to get credit cards and other loans from which real money can be stolen in your name.Goal 2 – Use your information to break into your real existing online accounts. A bank account is a first try, but points programs that can be cashed out for untraceable gift cards are also popular.Article contentGoal 3 – Use the information for scams where you are contacted by what appears to be a real government or private entity. They then try to trick you into paying money or into downloading software that infects your devices, and from there those of your acquaintances, to harvest more data.The cat’s out of the bagThere’s no getting the social insurance numbers, driver’s licence information, bank account data and other personal information back from the hackers.The damage, for those who are targeted, is yet to come.Shipley doesn’t see two years of credit monitoring as any kind of saving grace, but there are steps our governments, bother federal and provincial, could have taken to protect us.Namely, a privacy act that requires companies and institutions that collect our data to better protect it and only hold onto what is necessary.Article contentUnder questioning by NDP Leader Claudia Chender at the legislature’s public account committee, NSP chief executive officer Peter Gregg didn’t have an answer for why the company long held onto customers’ social security numbers that had been used for verification.“That is part of an ongoing investigation, a very important part of our ongoing investigation that I don’t have an answer for you today,” Gregg told Chender. Chris Lanteigne, director of customer care with Nova Scotia Power, Nova Scotia Power CEO Peter Gregg and Chris Heck, chief digital officer with Emera, listen to questions from MLAs about the recent cybersecurity breach on June 4. Photo by Ryan Taplin /The Chronicle HeraldShipley’s point is that private companies won’t protect our privacy unless they’re forced to by laws with large financial penalties.Neither Nova Scotia nor the federal government has a modern privacy act for the internet age.After two years of hearings, the omnibus Bill C-27, the Personal Information Protection and Electronic Documents Act, died on the order paper when the recent federal election was called.“Quebec has stepped up and come up with privacy laws with beefy fines, but leaving it to the provinces is completely counter to the conversation we’re having about dropping interprovincial trade barriers,” said Shipley.“What’s needed is national legislation. But our national government has failed to govern on this for a decade. They kicked the ball down the road for 10 years, then they screwed it up in the end by trying to include it an omnibus bill that included a half-baked AI act.”Meanwhile, the global hacking industry is growing and more and more personal data can be found online.Article content

Share This Article
Previous Article pei.-gas,-diesel-prices-rise-on-friday-the-13th P.E.I. gas, diesel prices rise on Friday the 13th
Next Article new-military-leave-policy-will-make-it-simpler-for-charlottetown-reservists-to-take-time-off-work New military leave policy will make it simpler for Charlottetown reservists to take time off work

Recent Comments

No comments to show.

You May also Like

foul-play-suspected-after-body-found-in-burning-vehicle-in-popkum,-bc.
British ColumbiaIndigenous

Foul play suspected after body found in burning vehicle in Popkum, B.C.

china-tariffs-bite-into-bc.-spot-prawn-season,-but-foodies-queue-for-kiss-of-the-sea
British ColumbiaIndigenous

China tariffs bite into B.C. spot prawn season, but foodies queue for kiss of the sea

local-group-of-volunteers-finds-creative-outlet-and-community-in-making-movies
IndigenousOntario

Local group of volunteers finds creative outlet and community in making movies

shoplifting-reports-spiked-in-winnipeg-last-year-after-increase-in-funding-for-anti-retail-theft-initiatives
IndigenousManitoba

Shoplifting reports spiked in Winnipeg last year after increase in funding for anti-retail-theft initiatives

Show More
x Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
Shield Security