The Cyberattack That Stole 280,000 Identities-and Showed How Easily We Can Be Duped | The Walrus

The Cyberattack That Stole 280,000 Identities-and Showed How Easily We Can Be Duped | The Walrus

Briefly

"E arlier this year, staff at Nova Scotia Power submitted a proposal to upgrade their cybersecurity. The privately owned company, which supplies most of the province's electricity, had gone three years since an internal threat assessment flagged key vulnerabilities, specifically the power plants and substations that fed the grid. If approved, the work would have wrapped by year's end. They never got the chance. Just three weeks after the proposal was submitted, hackers struck. But not to sabotage infrastructure. Instead, they made off with the personal data of at least 280,000 customers: emails, phone numbers, home addresses, bank details-enough for determined malcontents to impersonate individuals and wreak havoc."

"Then came the shakedown. The company insists it didn't pay, and some of the plundered information was posted online. A few weeks after the attack was made public, a Nova Scotia couple, and clients of the utility, logged into their bank account and found $30,000 gone."

"The situation in the private sector is, if anything, more dire. Eighty-three percent of Canadian businesses surveyed by Telus in 2021 reported experiencing a ransomware attack. Nearly half admitted they paid up. In a recent report, the Canadian Centre for Cyber Security warns that ransomware is now 'the top cybercrime threat facing Canada's critical infrastructure,' with the average payout in 2023 exceeding $1 million."