QEC
Company Details
Linkedin ID:
qulliq-energy-corporation
Website:
Employees number:
110
Number of followers:
14,776
NAICS:
22
Industry Type:
Homepage:
qec.nu.ca
IP Addresses:
0
Company ID:
QUL_6289682
Scan Status:
In-progress
Qulliq Energy Corporation Company CyberSecurity Posture
qec.nu.ca
Following Nunavut’s division from the Northwest Territories, the Nunavut Power Corporation took up the mandate to supply electricity to communities in the territory of Nunavut on April 1, 2001. Renamed Qulliq Energy Corporation (QEC) in 2003, this territorial corporation is 100 per cent owned by the Government of Nunavut, and operates at arm’s length from the government, reporting to the territorial Minister responsible for QEC. We are the only generator and distributor of electrical energy in Nunavut. QEC is incorporated and operates under the Qulliq Energy Corporation Act and our energy pricing is regulated pursuant to the Utility Rates Review Council Act. We are committed to supplying safe, reliable and efficient energy through responsive and respectful interaction with all stakeholders. We deliver electricity to approximately 15,000 electrical customers across Nunavut. We generate and distribute power to Nunavummiut through the operation of 25 stand-alone diesel power plants in 25 communities, with a total installed capacity of approximately 76,000 kW. At QEC, we also provide mechanical, electrical and line maintenance from three regional centers: Iqaluit, Rankin Inlet and Cambridge Bay. Our business activities are maintained at the head office located in Baker Lake and corporate offices in Iqaluit. QEC has 200 employees across the territory. All electricity needs in Nunavut are met by imported fossil fuel supplies. Each community in Nunavut has its own independent electricity generation and distribution system. There is no back-up grid. QEC is the only energy corporation in Canada without developed local energy resources or regional electricity transmission capability, creating a situation of high dependency on fossil fuel.
Qulliq Energy Corporation A.I CyberSecurity Scoring
QEC Risk Score (AI oriented)Between 700 and 749
QEC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
QEC Global Score (TPRM)XXXX
QEC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
QEC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Qulliq Energy Corporation
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: QEC revealed this month that a cyberattack that was identified on January 2023 had affected the company. Information technology used by QEC, such as email, billing, and payroll databases, was impacted even if no operational technology, such as the infrastructure of a power plant, was. Anybody who has been directly impacted by the breach will be notified, according to QEC, which also stated that an outside company is looking into the incident.
QEC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for QEC
Incidents vs Utilities Industry Average (This Year)
No incidents recorded for Qulliq Energy Corporation in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Qulliq Energy Corporation in 2025.
Incident Types QEC vs Utilities Industry Avg (This Year)
No incidents recorded for Qulliq Energy Corporation in 2025.
Incident History — QEC (X = Date, Y = Severity)
QEC cyber incidents detection timeline including parent company and subsidiaries
QEC Company Subsidiaries
Following Nunavut’s division from the Northwest Territories, the Nunavut Power Corporation took up the mandate to supply electricity to communities in the territory of Nunavut on April 1, 2001. Renamed Qulliq Energy Corporation (QEC) in 2003, this territorial corporation is 100 per cent owned by the Government of Nunavut, and operates at arm’s length from the government, reporting to the territorial Minister responsible for QEC. We are the only generator and distributor of electrical energy in Nunavut. QEC is incorporated and operates under the Qulliq Energy Corporation Act and our energy pricing is regulated pursuant to the Utility Rates Review Council Act. We are committed to supplying safe, reliable and efficient energy through responsive and respectful interaction with all stakeholders. We deliver electricity to approximately 15,000 electrical customers across Nunavut. We generate and distribute power to Nunavummiut through the operation of 25 stand-alone diesel power plants in 25 communities, with a total installed capacity of approximately 76,000 kW. At QEC, we also provide mechanical, electrical and line maintenance from three regional centers: Iqaluit, Rankin Inlet and Cambridge Bay. Our business activities are maintained at the head office located in Baker Lake and corporate offices in Iqaluit. QEC has 200 employees across the territory. All electricity needs in Nunavut are met by imported fossil fuel supplies. Each community in Nunavut has its own independent electricity generation and distribution system. There is no back-up grid. QEC is the only energy corporation in Canada without developed local energy resources or regional electricity transmission capability, creating a situation of high dependency on fossil fuel.
Loading...
QEC Similar Companies
Eskom Holdings SOC Ltd
Company profile Eskom Holdings generates, transports and distributes approximately 95% of South Africa’s electricity – making up 60% of the total electricity consumed on the African continent. Eskom is the world’s eleventh-largest power utility in terms of generating capacity, ranks ninth in term
Dubai Electricity & Water Authority - DEWA
Dubai Electricity and Water Authority (DEWA), established on 1 January 1992, stands at the forefront of sustainable energy and water management. With a dedicated workforce of over 11,000 employees, we ensure reliable services across the entire chain of electricity and water production, transmission,
Enedis
Enedis est le gestionnaire du réseau public de distribution d’électricité sur 95 % du territoire français continental. Ses 38 859 collaborateurs assurent chaque jour l’exploitation, l’entretien et le développement de près de 1,3 million de kilomètres de réseau. Raccordement, mise en service, dépann
Grupo Cobra
Grupo Cobra es una compañía global de 80 años de experiencia en el sector de la ingeniería industrial aplicada y servicios especializados. Contamos con un equipo de 18.700 personas especializadas en todos los campos relacionados con la ingeniería, instalación y mantenimiento industrial de infraestru
Centrica is an international energy services and solutions company, founded on a 200-year heritage of serving customers in homes and businesses. We supply energy and services to over 10 million customers, mainly in the UK and Ireland, through brands such as British Gas, Bord Gáis Energy and Centri
Joint stock company "Elektroprivreda Srbije"
Joint stock company Elektroprivreda Srbije as the largest company in Serbia represents economic and energy backbone of the country. The main activities of EPS AD are the production, supply and trade of electricity. EPS is owner a the coal mines, thermopower plant and hydropower plant. EPS supplies e
RWE is leading the way to a green energy world. With its investment and growth strategy Growing Green, RWE is contributing significantly to the success of the energy transition and the decarbonisation of the energy system. Around 20,000 employees work for the company in almost 30 countries worldwide
Dominion Energy
Dominion Energy (NYSE: D), headquartered in Richmond, Va., provides regulated electricity service to 3.6 million homes and businesses in Virginia, North Carolina, and South Carolina, and regulated natural gas service to 500,000 customers in South Carolina. The company is one of the nation’s leading
Grupo Energisa
O Grupo Energisa tem na distribuição de energia elétrica a principal base de seu negócio. Com cinco distribuidoras no Brasil, das quais três na região Nordeste (Energisa Sergipe - Distribuidora de Energia S/A nova denominação de Energipe, no Estado de Sergipe, Energisa Paraíba - Distribuido
.png)
QEC CyberSecurity News
April 12, 2023 07:00 AM
N.W.T. gov't spent $716,000 to address November cybersecurity breach
The territory says a cybersecurity threat last fall was contained and remediated without the exposure of personal or private information.
February 14, 2023 08:00 AM
Ransomware attacks on industrial infrastructure doubled in 2022: Dragos
The number of ransomware attacks on industrial infrastructure grew significantly in 2022, according to cybersecurity firm Dragos.
January 30, 2023 08:00 AM
Qulliq Energy stops short of labelling cyberattack another Nunavut ransomware incident
The Qulliq Energy Corp. says it was locked out of its data in January's cyberattack, but stopped short of calling it a ransomware attack.
January 24, 2023 08:00 AM
Billing database compromised in QEC cyberattack, says VP
The cyberattack against Qulliq Energy Corporation last week targeted a number of the corporation's databases, including payment processing.
January 21, 2023 05:27 AM
Orca describes, Microsoft fixes, four Azure SSRF issues. DNV recovering from ransomware. T-Mobile discloses a data breach. Cyberattack hits Nunavut utility.
Researchers at Orca Security discovered four Server Side Request Forgery (SSRF) vulnerabilities affecting Microsoft Azure instances, two of which could be...
January 20, 2023 08:00 AM
Nunavut energy corporation hit by cybersecurity attack
Nunavut's energy corporation says cybersecurity experts are investigating after it was targeted in a cyberattack over the weekend.
January 19, 2023 08:00 AM
Cyberattack on Nunavut energy supplier limits company operations
A cyberattack on the Qulliq Energy Corporation (QEC) in Canada's Nunavut territory has crippled the company's administrative offices.
January 19, 2023 08:00 AM
Cyberattack hits Nunavut's Qulliq Energy Corp.
Computer systems at Qulliq Energy Corp. are still down after a cybersecurity attack on Sunday, and Nunavut customers are being urged to check their bank...
January 19, 2023 08:00 AM
Nunavut power utility's servers hit by cyber attack
The territorial utility that provides power to Nunavut can't say yet if customer data was copied after a cyber attack earlier this week.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
QEC CyberSecurity History Information
Official Website of Qulliq Energy Corporation
The official website of Qulliq Energy Corporation is https://www.qec.nu.ca/.
Qulliq Energy Corporation’s AI-Generated Cybersecurity Score
According to Rankiteo, Qulliq Energy Corporation’s AI-generated cybersecurity score is 725, reflecting their Moderate security posture.
How many security badges does Qulliq Energy Corporation’ have ?
According to Rankiteo, Qulliq Energy Corporation currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Qulliq Energy Corporation have SOC 2 Type 1 certification ?
According to Rankiteo, Qulliq Energy Corporation is not certified under SOC 2 Type 1.
Does Qulliq Energy Corporation have SOC 2 Type 2 certification ?
According to Rankiteo, Qulliq Energy Corporation does not hold a SOC 2 Type 2 certification.
Does Qulliq Energy Corporation comply with GDPR ?
According to Rankiteo, Qulliq Energy Corporation is not listed as GDPR compliant.
Does Qulliq Energy Corporation have PCI DSS certification ?
According to Rankiteo, Qulliq Energy Corporation does not currently maintain PCI DSS compliance.
Does Qulliq Energy Corporation comply with HIPAA ?
According to Rankiteo, Qulliq Energy Corporation is not compliant with HIPAA regulations.
Does Qulliq Energy Corporation have ISO 27001 certification ?
According to Rankiteo,Qulliq Energy Corporation is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Qulliq Energy Corporation
Qulliq Energy Corporation operates primarily in the Utilities industry.
Number of Employees at Qulliq Energy Corporation
Qulliq Energy Corporation employs approximately 110 people worldwide.
Subsidiaries Owned by Qulliq Energy Corporation
Qulliq Energy Corporation presently has no subsidiaries across any sectors.
Qulliq Energy Corporation’s LinkedIn Followers
Qulliq Energy Corporation’s official LinkedIn profile has approximately 14,776 followers.
NAICS Classification of Qulliq Energy Corporation
Qulliq Energy Corporation is classified under the NAICS code 22, which corresponds to Utilities.
Qulliq Energy Corporation’s Presence on Crunchbase
No, Qulliq Energy Corporation does not have a profile on Crunchbase.
Qulliq Energy Corporation’s Presence on LinkedIn
Yes, Qulliq Energy Corporation maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/qulliq-energy-corporation.
Cybersecurity Incidents Involving Qulliq Energy Corporation
As of November 29, 2025, Rankiteo reports that Qulliq Energy Corporation has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Qulliq Energy Corporation has an estimated 4,142 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Qulliq Energy Corporation ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Qulliq Energy Corporation detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with an outside company is looking into the incident, and communication strategy with anybody who has been directly impacted by the breach will be notified..
Incident Details
Can you provide details on each incident ?
Title: Cyberattack on QEC
Description: QEC revealed this month that a cyberattack that was identified on January 2023 had affected the company. Information technology used by QEC, such as email, billing, and payroll databases, was impacted even if no operational technology, such as the infrastructure of a power plant, was. Anybody who has been directly impacted by the breach will be notified, according to QEC, which also stated that an outside company is looking into the incident.
Date Detected: January 2023
Type: Cyberattack
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyberattack QUL163324223
Data Compromised: Email, billing, and payroll databases
Systems Affected: Email, billing, and payroll databases
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Email, billing and and payroll databases.
Which entities were affected by each incident ?
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyberattack QUL163324223
Third Party Assistance: An outside company is looking into the incident
Communication Strategy: Anybody who has been directly impacted by the breach will be notified
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through An outside company is looking into the incident.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Cyberattack QUL163324223
Type of Data Compromised: Email, billing, and payroll databases
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Cyberattack QUL163324223
Investigation Status: An outside company is looking into the incident
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Anybody who has been directly impacted by the breach will be notified.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Cyberattack QUL163324223
Customer Advisories: Anybody who has been directly impacted by the breach will be notified
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Anybody who has been directly impacted by the breach will be notified.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as An outside company is looking into the incident.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on January 2023.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Email, billing and and payroll databases.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was An outside company is looking into the incident.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Email, billing and and payroll databases.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is An outside company is looking into the incident.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Anybody who has been directly impacted by the breach will be notified.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
Risk Information
cvss4
Base: 8.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Description
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Risk Information
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=qulliq-energy-corporation' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
