INS
Company Details
Linkedin ID:
invest-nova-scotia
Website:
Employees number:
216
Number of followers:
25,111
NAICS:
522293
Industry Type:
Homepage:
investnovascotia.ca
IP Addresses:
0
Company ID:
INV_2647561
Scan Status:
In-progress
Invest Nova Scotia Company CyberSecurity Posture
investnovascotia.ca
Invest Nova Scotia is the business development agency of Nova Scotia, Canada. We work to promote economic growth and community economic development in the province, supporting businesses small and large, new and new to Nova Scotia. Please see the government of Nova Scotia terms of use: http://novascotia.ca/terms/
Invest Nova Scotia A.I CyberSecurity Scoring
INS Risk Score (AI oriented)Between 650 and 699
INS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
INS Global Score (TPRM)XXXX
INS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
INS Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Nova Scotia Power
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Late last month, Nova Scotia Power, the principal electric utility serving the Canadian province, confirmed that a recent cyberattack resulted in the unauthorized access and compromise of personal information belonging to some of its customers. The utility’s investigation revealed that threat actors infiltrated its systems and gained entry to databases containing customer names, addresses, contact details, account numbers and billing histories. While no operational disruption to electrical generation or distribution was reported, the breach exposed sensitive data that could be used for identity fraud, phishing campaigns or other illicit purposes. Nova Scotia Power notified affected individuals by mail and email, advising them to remain vigilant against suspicious communications and offering credit monitoring services to mitigate potential misuse of their information. The company has engaged external cybersecurity experts and law enforcement to determine the full scope of the incident, identify the intrusion vector and shore up defenses against future attacks. Nova Scotia Power emphasized that it is committed to transparency and is taking steps to enhance its network security, strengthen monitoring capabilities and reinforce employee training to prevent a recurrence of such a data compromise.
INS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for INS
Incidents vs International Trade and Development Industry Average (This Year)
Invest Nova Scotia has 0.0% fewer incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Invest Nova Scotia has 28.21% more incidents than the average of all companies with at least one recorded incident.
Incident Types INS vs International Trade and Development Industry Avg (This Year)
Invest Nova Scotia reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — INS (X = Date, Y = Severity)
INS cyber incidents detection timeline including parent company and subsidiaries
INS Company Subsidiaries
Invest Nova Scotia is the business development agency of Nova Scotia, Canada. We work to promote economic growth and community economic development in the province, supporting businesses small and large, new and new to Nova Scotia. Please see the government of Nova Scotia terms of use: http://novascotia.ca/terms/
Loading...
INS Similar Companies
John Swire & Sons (H.K.) Ltd.
Swire is a highly diversified global business group which has been in operation for over 200 years. It employs over 121,000 people across the world. Swire Group’s businesses span Property, Beverages & Food Chain, Aviation, Marine Services, Trading & Industrial, as well as Healthcare. Whilst Swire op
Marubeni Corporation
Marubeni Corporation (TSE securities code: 8002) is one of Japan’s largest trading companies (sogo shosha) with more than 165 years of history. Headquartered in Tokyo, Marubeni continues to expand its businesses across the globe, with 130 branches and offices worldwide. Marubeni is involved in th
COTO
¿Sabés lo importante que es para nosotros que formes parte de COTO? Te proponemos superarte con proyectos arquitectónicos increíbles como, por ejemplo, la construcción de un mega centro comercial, o profesionalizarte en Comercio Exterior interactuando con los mercados del mundo más importantes. Ta
Our business involves every part of the palm oil supply chain: from managing plantations and mills to refining crude palm oil and manufacturing palm-based products, supported by an extensive fleet of ship tankers and barges that enhances our logistical capability. We have over 38,000 employees in 13
The World Bank is a vital source of financial and technical assistance to developing countries around the world. Our vision is to create a world free of poverty on a livable planet. We are not a bank in the common sense; we are made up of two unique development institutions owned by 189 member coun
Intertek is a leading Total Quality Assurance provider to industries worldwide. Our network of more than 1,000 laboratories and offices in more than 100 countries, delivers innovative and bespoke Assurance, Testing, Inspection and Certification solutions for our customers' operations and supply cha
Intertek Middle East
Intertek is a leading Total Quality Assurance provider to industries worldwide. Our network of more than 1,000 laboratories and offices in more than 100 countries, delivers innovative and bespoke Assurance, Testing, Inspection and Certification solutions for our customers’ operations and supply chai
ALS
ALS is a global leader in scientific testing, providing comprehensive testing solutions to clients in more than 60 countries across a wide range of industries, including environment, food and beverage, mining, personal care, pharmaceutical, healthcare and equipment reliability. Using state-of-the-ar
As a service provider in the field of international cooperation for sustainable development and international education work, we are dedicated to shaping a future worth living around the world. GIZ has over 50 years of experience in a wide variety of areas, including economic development and employm
.png)
INS CyberSecurity News
December 12, 2025 02:14 PM
Premier Promotes Nova Scotia at Conference of Paris
Premier Tim Houston will speak at the International Economic Forum of the Americas' 9th annual Conference of Paris in France next week.
October 02, 2025 07:00 AM
Voltai Closes Oversubscribed Pre-Seed Round at $1.83M, Propelled by Invest Nova Scotia
DARTMOUTH, Nova Scotia, October 02, 2025--Voltai raises $1.83M pre-seed to commercialize the first viable onboard wave energy harvesting...
October 01, 2025 07:00 AM
AI Tops Cybersecurity Investment Priorities, PwC Finds
PwC found that AI security has become a top investment priority in cyber budgets over the next 12 months, ahead of cloud and network...
September 24, 2025 07:00 AM
New Legislation to Drive Economic Growth, Reduce Red Tape
New legislation introduced today, September 24, will drive economic growth and attract investment by reducing red tape and improving service...
September 24, 2025 07:00 AM
New Tourism Sector Strategy Released
The Nova Scotia Tourism Sector Strategic Plan, released today, September 24, creates a five-year vision for sustainable, year-round tourism...
September 10, 2025 07:00 AM
Helping Women-Led Businesses Adopt Digital Tools
Women-led businesses in Nova Scotia are getting more support to adopt digital tools to help them grow their businesses, be more efficient...
August 26, 2025 07:00 AM
Federal and provincial governments invest in cycling infrastructure in Nova Scotia
PICTOU, NS, Aug. 26, 2025 /CNW/ - The Nova Scotia Blue Route, a province-wide project to create a continuous network of cycling routes,...
August 01, 2025 07:00 AM
Province, Federal Government Invest in Child Care for Colchester, Inverness Counties
Families in Colchester and Inverness counties will soon have more options for child care as new spaces become available with provincial and...
July 24, 2025 07:00 AM
Province Making Improvements to Provincial Parks
The Province is investing to make visiting provincial parks more enjoyable through improvements to roads, trails and accessibility.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
INS CyberSecurity History Information
Official Website of Invest Nova Scotia
The official website of Invest Nova Scotia is https://www.investnovascotia.ca.
Invest Nova Scotia’s AI-Generated Cybersecurity Score
According to Rankiteo, Invest Nova Scotia’s AI-generated cybersecurity score is 697, reflecting their Weak security posture.
How many security badges does Invest Nova Scotia’ have ?
According to Rankiteo, Invest Nova Scotia currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Invest Nova Scotia have SOC 2 Type 1 certification ?
According to Rankiteo, Invest Nova Scotia is not certified under SOC 2 Type 1.
Does Invest Nova Scotia have SOC 2 Type 2 certification ?
According to Rankiteo, Invest Nova Scotia does not hold a SOC 2 Type 2 certification.
Does Invest Nova Scotia comply with GDPR ?
According to Rankiteo, Invest Nova Scotia is not listed as GDPR compliant.
Does Invest Nova Scotia have PCI DSS certification ?
According to Rankiteo, Invest Nova Scotia does not currently maintain PCI DSS compliance.
Does Invest Nova Scotia comply with HIPAA ?
According to Rankiteo, Invest Nova Scotia is not compliant with HIPAA regulations.
Does Invest Nova Scotia have ISO 27001 certification ?
According to Rankiteo,Invest Nova Scotia is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Invest Nova Scotia
Invest Nova Scotia operates primarily in the International Trade and Development industry.
Number of Employees at Invest Nova Scotia
Invest Nova Scotia employs approximately 216 people worldwide.
Subsidiaries Owned by Invest Nova Scotia
Invest Nova Scotia presently has no subsidiaries across any sectors.
Invest Nova Scotia’s LinkedIn Followers
Invest Nova Scotia’s official LinkedIn profile has approximately 25,111 followers.
NAICS Classification of Invest Nova Scotia
Invest Nova Scotia is classified under the NAICS code 522293, which corresponds to International Trade Financing.
Invest Nova Scotia’s Presence on Crunchbase
No, Invest Nova Scotia does not have a profile on Crunchbase.
Invest Nova Scotia’s Presence on LinkedIn
Yes, Invest Nova Scotia maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/invest-nova-scotia.
Cybersecurity Incidents Involving Invest Nova Scotia
As of December 25, 2025, Rankiteo reports that Invest Nova Scotia has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Invest Nova Scotia has an estimated 2,053 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Invest Nova Scotia ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Invest Nova Scotia detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with external cybersecurity experts, and and communication strategy with notified affected individuals by mail and email, communication strategy with advised customers to remain vigilant against suspicious communications, communication strategy with offered credit monitoring services, and enhanced monitoring with yes..
Incident Details
Can you provide details on each incident ?
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach INV900050525
Data Compromised: Customer names, Addresses, Contact details, Account numbers, Billing histories
Identity Theft Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Names, Addresses, Contact Details, Account Numbers, Billing Histories and .
Which entities were affected by each incident ?
Incident : Data Breach INV900050525
Entity Name: Nova Scotia Power
Entity Type: Electric Utility
Industry: Energy
Location: Nova Scotia, Canada
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach INV900050525
Third Party Assistance: External cybersecurity experts
Communication Strategy: Notified affected individuals by mail and emailAdvised customers to remain vigilant against suspicious communicationsOffered credit monitoring services
Enhanced Monitoring: Yes
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through External cybersecurity experts.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach INV900050525
Type of Data Compromised: Customer names, Addresses, Contact details, Account numbers, Billing histories
Sensitivity of Data: High
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach INV900050525
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified Affected Individuals By Mail And Email, Advised Customers To Remain Vigilant Against Suspicious Communications and Offered Credit Monitoring Services.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach INV900050525
Customer Advisories: Notified affected individuals by mail and emailAdvised customers to remain vigilant against suspicious communicationsOffered credit monitoring services
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Notified Affected Individuals By Mail And Email, Advised Customers To Remain Vigilant Against Suspicious Communications, Offered Credit Monitoring Services and .
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach INV900050525
Corrective Actions: Engaged External Cybersecurity Experts, Enhance Network Security, Strengthen Monitoring Capabilities, Reinforce Employee Training,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as External cybersecurity experts, Yes.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Engaged External Cybersecurity Experts, Enhance Network Security, Strengthen Monitoring Capabilities, Reinforce Employee Training, .
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer names, Addresses, Contact details, Account numbers, Billing histories and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was External cybersecurity experts.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Customer names, Addresses, Contact details, Account numbers and Billing histories.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notified affected individuals by mail and emailAdvised customers to remain vigilant against suspicious communicationsOffered credit monitoring services.
.png)
Latest Global CVEs (Not Company-Specific)
Description
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
Risk Information
cvss4
Base: 8.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits the rendering of HTML tags within Mermaid diagram nodes. This issue has not been patched at time of publication.
Risk Information
cvss3
Base: 9.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Description
continuwuity is a Matrix homeserver written in Rust. Prior to version 0.5.0, this vulnerability allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary membership events. The flaw exists because the server fails to validate the origin of a signing request, provided the event's state_key is a valid user ID belonging to the target server. This issue has been patched in version 0.5.0. A workaround for this issue involves blocking access to the PUT /_matrix/federation/v2/invite/{roomId}/{eventId} endpoint using the reverse proxy.
Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and subsequently when string-ifying objects using JSON.stringify(). The method did not escape objects with 'lc' keys when serializing free-form data in kwargs. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in @langchain/core versions 0.3.80 and 1.1.8, and langchain versions 0.3.37 and 1.2.3
Risk Information
cvss3
Base: 8.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
References
- https://github.com/langchain-ai/langchainjs/commit/e5063f9c6e9989ea067dfdff39262b9e7b6aba62
- https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcore%401.1.8
- https://github.com/langchain-ai/langchainjs/releases/tag/langchain%401.2.3
- https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-r399-636x-v7f6
Description
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
References
- https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8
- https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6
- https://github.com/langchain-ai/langchain/pull/34455
- https://github.com/langchain-ai/langchain/pull/34458
- https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81
- https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5
- https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=invest-nova-scotia' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
