Multiple contractors say they haven’t been paid by Nova Scotia Power in months (with some owed hundreds of thousands of dollars) after a cyberattack crippled the utility’s systems earlier this year.
This was reported by CBC News.
One CEO says his company is owed around $60,000 to $70,000. “We’re being told it was the data breach,” he told CBC. “It’s important that they’re held accountable and that they pay their contractors on time, because we all pay our power bills on time.”
He said he can weather the delay but worries about smaller firms. “They’re going to get their money,” he said. “But will they get it before everything else comes due? That’s a potential business-ending situation.”
Other contractors, speaking anonymously, said the delays date back to the spring. Nova Scotia Power disclosed in April that it had suffered a cybersecurity incident affecting roughly 280,000 customers, almost half of its base.
The utility confirmed the breach also disrupted payments to companies doing work for it. “We are extremely sorry for the delays,” said spokesperson Jacqueline Foster. “Progress is being made, and invoices are being paid, but we know it’s been slow and causing real issues for our partners.”
Nova Scotia Power said IT and finance teams have been “working around the clock” to restore systems and expects all invoices will be paid before year-end.
The payment chaos has revived calls for prompt payment legislation, a long-promised reform that would set clear deadlines for when contractors must be paid. Duncan Williams, president of the Construction Association of Nova Scotia, says the province is behind the rest of Canada.
“When you issue an invoice for payment, the expectation is that it starts a clock,” Williams said. “We see companies go under every year because they don’t get paid on time.”
Damon Small, Board of Directors, Xcape Inc, commented: “The cyberattack on Nova Scotia Power in April highlighted a crucial, and frequently ignored, impact of these events: significant supply chain disruption. For six months, Nova Scotia Power says it is working “around the clock” to fix its problems.”
He said this is a blatant lack of leadership and demonstrates that they have underinvested in both cybersecurity and their vital IT infrastructure. “The C-suite needs to answer for their actions. Although apologies are appreciated, the fact that contractors, many of them small businesses, went unpaid for months because of damaged IT and financial systems led to a liquidity crisis.”
According to him, the unpaid customer description of this being a “potential business-ending situation” demonstrates that operational continuity extends far beyond the utility’s internal network and includes the prompt fulfillment of financial responsibilities to all partners.
“Recovering systems is only the initial phase; utilities must make payment system resilience a priority in their incident response plans to protect their entire ecosystem. A successful cyberattack is no longer just a data problem, it’s an economic weapon against the entire value chain.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.