Nearly a month after initially disclosing a cyberattack, Nova Scotia Power, a Canadian electric utility company, confirmed on May 23 that it had been the victim of a sophisticated ransomware attack. The breach, first reported on April 28, led to the theft of sensitive customer information, including names, birth dates, contact details, service addresses, power consumption data, service requests, billing and credit history, driver's license numbers, Social Insurance Numbers, and bank account information. Despite the breach, Nova Scotia Power assured that its electricity generation and distribution services remained unaffected. The company, which serves around 550,000 customers, is sending breach notifications to approximately 280,000 affected individuals. No ransom has been paid, aligning with sanctions laws and law enforcement advice. Although the stolen data has been published, the identity of the ransomware group and the location of the leak remain unknown. The incident underscores the ongoing cybersecurity risks to critical infrastructure such as power grids.