ºÚÁϳԹÏÍø

“We are extremely sorry for the delays in payments,� Foster said in an emailed statement. “Invoices are being paid but we know it … (is) causing real issues for our partners.�

Foster said dozens of additional staff have been brought in to speed up the payment process, which has required extensive manual work to get the job done.

“Our IT and finance teams have been working around the clock to restore our systems safely and securely following the impacts of the cyber incident,� Foster’s statement said.

All of the invoices should be paid before the end of the year, but Foster did not say how much money is owed.

CBC News has reported that some contractors are owed hundreds of thousands of dollars.

Tim Houtsma, CEO of Marid Industries, said his steel fabrication company is owed between $60,000 and $70,000.

"It stretches your finances where they really shouldn't be stretched," he said in an interview Monday.

Houtsma said the payment delays have highlighted the fact that the Nova Scotia government has yet to enact "prompt payment" legislation that would apply to construction contracts.

"(The government) started a consultation period maybe two or three years ago, and the file has gone completely silent," said Houtsma, whose company in Windsor Junction, N.S., custom manufactures about 6,000 tons of structural steel every year.

Meanwhile, Nova Scotia Power has said the ransomware attack resulted in some personal information being posted on the dark web, a part of the internet that can be accessed through special software.

In May, the utility said about half of its customers — about 277,000 ratepayers — may have had personal information stolen. Four months later, a report from the Nova Scotia Energy Board said all of the utility’s  customers may be affected in some way.

The independent board said its investigation has been complex, “given the severe nature of the cyberattack."

The stolen data includes names, birth dates, email addresses, home addresses, customer account information, driver’s licence numbers and, in some cases, bank account numbers and social insurance numbers.

The board's report also said the utility has no way of telling individual customers what specific information has been stolen due to “the nature of the breach and the complexity of the systems involved.�

On another front, the board confirmed the cyberattack compromised the company's ability to retrieve electricity usage readings from customers' smart meters. In June, the utility started issuing estimated bills based on an average of previous usage. This prompted some customers to complain they had received inflated bills.

The report, however, said the incident had not caused any disruption to electricity generation, transmission or distribution.

On May 14, the utility — a subsidiary of Halifax-based Emera Inc. — said the consumer reporting agency TransUnion would provide affected customers with two years of credit monitoring at no cost. That offer was extended to five years for all customers on June 25.

This report by ºÚÁϳԹÏÍø was first published Oct. 27, 2025.