Cyberattack on Nunavut energy supplier limits company operations
A wide-ranging cyberattack on the Qulliq Energy Corporation (QEC) in Canada’s Nunavut territory has crippled the company’s administrative offices.
Officials with the company said the attack started on January 15 and while power plants are still operating normally, computer systems at the corporation’s customer care and administrative offices are unavailable.
The company cannot accept bill payment through credit cards but customers can pay using cash or through bank transfers.
The premier of the region, P.J. Akeeagok, said in a statement that the government is working with the company to respond to the incident, with several government departments providing personnel.
“These types of attacks are criminal. Expert cybersecurity and legal advice have been retained and the Royal Canadian Mounted Police are assisting QEC’s ongoing investigation,” Akeeagok said. “Cabinet and our regular members are being kept informed of the situation and are confident in the course of action being taken by the corporation and our public service.”
QEC CEO Rick Hunt said the company activated its response plan as soon as they learned there was a potential issue. The company is still trying to determine what information may have been stolen or accessed during the attack.
They plan to notify any customers if data was stolen during the incident but urged people to monitor their bank and credit card accounts for unusual activity. Customers were also told to change passwords in case the hackers gained access to accounts.
The company still has phone lines available for those who need to report outages or have other issues.
Nunavut has a population of about 40,000 and is Canada’s largest and northernmost territory. It is one of the world’s most sparsely populated regions and is best known for Alert, the northernmost permanently inhabited place on Earth.
It has faced several cyberattacks over the past four years. A 2019 ransomware attack impacted all of the government’s IT systems and services – except for QEC. The Netwalker ransomware group also went after the Northwest Territories Power Corporation in 2020.