Nova Scotia Power customers handed 'to-do list' after ransomware attack

Some people notified by Nova Scotia Power that their information was stolen in a cyber breach are becoming frustrated trying to navigate the situation, saying it's difficult to get through to their banks and the credit monitoring system that's been recommended.

Nova Scotia Power announced the security breach in late April and confirmed last week it was the victim of a ransomware attack affecting about 280,000 customers in Nova Scotia. Letters to affected customers began rolling out last week and the company said it is working with experts to restore its systems and improve security.

"I'm unsure of the apology from Nova Scotia Power. It feels like really, the responsibility is back on the consumer," said Brian Yee, a retired teacher in Halifax, who recently received a letter from the utility.

"What are the items that they're putting in place to ensure that this doesn't occur?"

Yee was eventually sent a temporary password to validate a credit monitoring account, but is still irked he is having to take these steps. He's had to spend a lot of time on the phone on hold while trying to get in touch with the credit monitoring agency TransUnion.

"So other than here's your to-do list of what to do, I find that frustrating. You know, many folks wouldn't have the time. I'm retired so I can sit on the phone if needed, but if you're working, that would be super challenging to do."

Yee said he doesn't feel Nova Scotia Power has provided enough direction to its customers and questioned whether the offered two years of credit monitoring is adequate.

"It's still not resolved. And so I guess my question is how much more work is this going to be? And the fact that there is really nothing from Nova Scotia Power saying that this is our followup with you," he said.

'It was a terrible feeling'

Diane Newman-Betts, also from Halifax, has spent the last 12 days scrambling to figure out how $30,000 disappeared from her and her husband Michael's bank account.

"It was a terrible feeling, we were both really sick to our stomachs the last week and a half. It was awful," she said.

Newman-Betts said she noticed two suspicious transactions on her Manulife bank account on May 15: one was $500 from her credit card and another was a $30,000 amount going on a TD line of credit.

"We don't deal with TD at all, so I knew that it was not us or that something was wrong and I think myself what they did is they went in with the first amount and realized it worked and so then they went back in for the money," Newman-Betts told CBC News.

Then the letter from Nova Scotia Power arrived.

"For this to happen to us and then have the letter arrive — that is when we connected it all. It had to be that. There is no other reason," she said.

Newman-Betts said she can't be sure it happened because of the ransomware attack, but she did learn her bank will be putting the missing money back into her account.

Manulife released a statement saying it takes all reports of unauthorized activity seriously and protecting clients remains a top priority.

Nova Scotia Power did not provide any update on the ransomware attack on Tuesday.