QEC
Company Details
Linkedin ID:
qulliq-energy-corporation
Website:
Employees number:
112
Number of followers:
14,808
NAICS:
22
Industry Type:
Homepage:
nu.ca
IP Addresses:
0
Company ID:
QUL_6289682
Scan Status:
In-progress
Qulliq Energy Corporation Company CyberSecurity Posture
nu.ca
Following Nunavut’s division from the Northwest Territories, the Nunavut Power Corporation took up the mandate to supply electricity to communities in the territory of Nunavut on April 1, 2001. Renamed Qulliq Energy Corporation (QEC) in 2003, this territorial corporation is 100 per cent owned by the Government of Nunavut, and operates at arm’s length from the government, reporting to the territorial Minister responsible for QEC. We are the only generator and distributor of electrical energy in Nunavut. QEC is incorporated and operates under the Qulliq Energy Corporation Act and our energy pricing is regulated pursuant to the Utility Rates Review Council Act. We are committed to supplying safe, reliable and efficient energy through responsive and respectful interaction with all stakeholders. We deliver electricity to approximately 15,000 electrical customers across Nunavut. We generate and distribute power to Nunavummiut through the operation of 25 stand-alone diesel power plants in 25 communities, with a total installed capacity of approximately 76,000 kW. At QEC, we also provide mechanical, electrical and line maintenance from three regional centers: Iqaluit, Rankin Inlet and Cambridge Bay. Our business activities are maintained at the head office located in Baker Lake and corporate offices in Iqaluit. QEC has 200 employees across the territory. All electricity needs in Nunavut are met by imported fossil fuel supplies. Each community in Nunavut has its own independent electricity generation and distribution system. There is no back-up grid. QEC is the only energy corporation in Canada without developed local energy resources or regional electricity transmission capability, creating a situation of high dependency on fossil fuel.
Qulliq Energy Corporation A.I CyberSecurity Scoring
QEC Risk Score (AI oriented)Between 700 and 749
QEC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
QEC Global Score (TPRM)XXXX
QEC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
QEC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Qulliq Energy Corporation
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: QEC revealed this month that a cyberattack that was identified on January 2023 had affected the company. Information technology used by QEC, such as email, billing, and payroll databases, was impacted even if no operational technology, such as the infrastructure of a power plant, was. Anybody who has been directly impacted by the breach will be notified, according to QEC, which also stated that an outside company is looking into the incident.
QEC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for QEC
Incidents vs Utilities Industry Average (This Year)
No incidents recorded for Qulliq Energy Corporation in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Qulliq Energy Corporation in 2026.
Incident Types QEC vs Utilities Industry Avg (This Year)
No incidents recorded for Qulliq Energy Corporation in 2026.
Incident History — QEC (X = Date, Y = Severity)
QEC cyber incidents detection timeline including parent company and subsidiaries
QEC Company Subsidiaries
Following Nunavut’s division from the Northwest Territories, the Nunavut Power Corporation took up the mandate to supply electricity to communities in the territory of Nunavut on April 1, 2001. Renamed Qulliq Energy Corporation (QEC) in 2003, this territorial corporation is 100 per cent owned by the Government of Nunavut, and operates at arm’s length from the government, reporting to the territorial Minister responsible for QEC. We are the only generator and distributor of electrical energy in Nunavut. QEC is incorporated and operates under the Qulliq Energy Corporation Act and our energy pricing is regulated pursuant to the Utility Rates Review Council Act. We are committed to supplying safe, reliable and efficient energy through responsive and respectful interaction with all stakeholders. We deliver electricity to approximately 15,000 electrical customers across Nunavut. We generate and distribute power to Nunavummiut through the operation of 25 stand-alone diesel power plants in 25 communities, with a total installed capacity of approximately 76,000 kW. At QEC, we also provide mechanical, electrical and line maintenance from three regional centers: Iqaluit, Rankin Inlet and Cambridge Bay. Our business activities are maintained at the head office located in Baker Lake and corporate offices in Iqaluit. QEC has 200 employees across the territory. All electricity needs in Nunavut are met by imported fossil fuel supplies. Each community in Nunavut has its own independent electricity generation and distribution system. There is no back-up grid. QEC is the only energy corporation in Canada without developed local energy resources or regional electricity transmission capability, creating a situation of high dependency on fossil fuel.
Loading...
QEC Similar Companies
Company profile Eskom Holdings generates, transports and distributes approximately 95% of South Africa’s electricity – making up 60% of the total electricity consumed on the African continent. Eskom is the world’s eleventh-largest power utility in terms of generating capacity, ranks ninth in term
ACCIONA champions a different way of doing business: Business as Unusual, delivering benefits far beyond the corporate realm. Driven by the ambition to leave a positive legacy for society and design a better planet, we lead in developing solutions in renewable energy, sustainable water management,
At Entergy (NYSE: ETR), we power life. More than 100 years ago, our founder Harvey Couch started this company with a handshake, some sawdust and a vision. Couch wanted to bring safe, affordable, reliable energy to the Middle South – energy that would power the lives of people and communities. Toda
Tata Power is one of India’s largest integrated power companies and together with its subsidiaries and jointly controlled entities, has an installed/managed capacity of 14,294 MW. The Company has a presence across the entire power value chain - generation of renewable as well as conventional power i
PT PLN (Persero)
Indonesia State Electricity Corporation PLN has a long history in electricity industry of Indonesia. As the sole provider of electricity in Indonesia, PLN is striving to increase quality of services to all Indonesian. In 1972, in accordance with Government Regulation No.17, the State-owned Electric
Saudi Electricity Company
The Saudi Electricity Company was established on the 5th of April in the year 2000, incorporated in accordance with Council of Ministers Mandate No. 169 dated November 30th, 1998, the Saudi Electricity Company was born out of the merger of smaller regional power company in the central, eastern, west
Dominion Energy (NYSE: D), headquartered in Richmond, Va., provides regulated electricity service to 3.6 million homes and businesses in Virginia, North Carolina, and South Carolina, and regulated natural gas service to 500,000 customers in South Carolina. The company is one of the nation’s leading
As a leading electric and natural gas energy company, we offer a comprehensive portfolio of energy-related products and services to 3.4 million electricity customers and 1.9 million natural gas customers across our eight states: Colorado, Michigan, Minnesota, New Mexico, North Dakota, South Dakota,
As one of the nation’s largest electric utilities, we’re bringing more clean and renewable sources of energy to Southern California. From energy storage to transportation electrification, our employees are working on innovative projects that will help cut emissions and greenhouse gases to provide
.png)
QEC CyberSecurity News
January 14, 2026 02:30 PM
QEC investigating possible data breach after Iqaluit break-in
A recent break-in at the Qulliq Energy Corp. office building in Iqaluit may have exposed roughly 800 paper-based customer records containing...
November 27, 2025 08:00 AM
Nukik Corporation reaches key milestones with Manitoba Hydro and Qulliq Energy Corporation to advance the Kivalliq Hydro-Fibre Link
Progress is being made to advance clean power and connectivity for NunavutRANKIN INLET, Nunavut, Nov. 27, 2025 (GLOBE NEWSWIRE) -- Nukik...
June 12, 2023 07:00 AM
GN taking over Qulliq Energy Corp.’s IT system in wake of cyberattack
The GN will take over Qulliq Energy Corp.'s IT system following a cyberattack on the energy corporation in January.
February 14, 2023 08:00 AM
Ransomware attacks on industrial infrastructure doubled in 2022: Dragos
The number of ransomware attacks on industrial infrastructure grew significantly in 2022, according to cybersecurity firm Dragos.
January 30, 2023 08:00 AM
Qulliq Energy stops short of labelling cyberattack another Nunavut ransomware incident
The Qulliq Energy Corp. says it was locked out of its data in January's cyberattack, but stopped short of calling it a ransomware attack.
January 24, 2023 08:00 AM
Billing database compromised in QEC cyberattack, says VP
The cyberattack against Qulliq Energy Corporation last week targeted a number of the corporation's databases, including payment processing.
January 19, 2023 08:00 AM
Cyberattack hits Nunavut's Qulliq Energy Corp.
Computer systems at Qulliq Energy Corp. are still down after a cybersecurity attack on Sunday, and Nunavut customers are being urged to check their bank...
January 19, 2023 08:00 AM
Nunavut power utility's servers hit by cyber attack
The territorial utility that provides power to Nunavut can't say yet if customer data was copied after a cyber attack earlier this week.
November 03, 2019 07:00 AM
Nunavut ransomware attack impacting 'all government services'
The government of Nunavut's communications system was the victim of a ransomware attack early Saturday morning, and as of Sunday night officials still did not...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
QEC CyberSecurity History Information
Official Website of Qulliq Energy Corporation
The official website of Qulliq Energy Corporation is https://www.qec.nu.ca/.
Qulliq Energy Corporation’s AI-Generated Cybersecurity Score
According to Rankiteo, Qulliq Energy Corporation’s AI-generated cybersecurity score is 726, reflecting their Moderate security posture.
How many security badges does Qulliq Energy Corporation’ have ?
According to Rankiteo, Qulliq Energy Corporation currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Qulliq Energy Corporation been affected by any supply chain cyber incidents ?
According to Rankiteo, Qulliq Energy Corporation has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Qulliq Energy Corporation have SOC 2 Type 1 certification ?
According to Rankiteo, Qulliq Energy Corporation is not certified under SOC 2 Type 1.
Does Qulliq Energy Corporation have SOC 2 Type 2 certification ?
According to Rankiteo, Qulliq Energy Corporation does not hold a SOC 2 Type 2 certification.
Does Qulliq Energy Corporation comply with GDPR ?
According to Rankiteo, Qulliq Energy Corporation is not listed as GDPR compliant.
Does Qulliq Energy Corporation have PCI DSS certification ?
According to Rankiteo, Qulliq Energy Corporation does not currently maintain PCI DSS compliance.
Does Qulliq Energy Corporation comply with HIPAA ?
According to Rankiteo, Qulliq Energy Corporation is not compliant with HIPAA regulations.
Does Qulliq Energy Corporation have ISO 27001 certification ?
According to Rankiteo,Qulliq Energy Corporation is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Qulliq Energy Corporation
Qulliq Energy Corporation operates primarily in the Utilities industry.
Number of Employees at Qulliq Energy Corporation
Qulliq Energy Corporation employs approximately 112 people worldwide.
Subsidiaries Owned by Qulliq Energy Corporation
Qulliq Energy Corporation presently has no subsidiaries across any sectors.
Qulliq Energy Corporation’s LinkedIn Followers
Qulliq Energy Corporation’s official LinkedIn profile has approximately 14,808 followers.
NAICS Classification of Qulliq Energy Corporation
Qulliq Energy Corporation is classified under the NAICS code 22, which corresponds to Utilities.
Qulliq Energy Corporation’s Presence on Crunchbase
No, Qulliq Energy Corporation does not have a profile on Crunchbase.
Qulliq Energy Corporation’s Presence on LinkedIn
Yes, Qulliq Energy Corporation maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/qulliq-energy-corporation.
Cybersecurity Incidents Involving Qulliq Energy Corporation
As of January 25, 2026, Rankiteo reports that Qulliq Energy Corporation has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Qulliq Energy Corporation has an estimated 4,236 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Qulliq Energy Corporation ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Qulliq Energy Corporation detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with an outside company is looking into the incident, and communication strategy with anybody who has been directly impacted by the breach will be notified..
Incident Details
Can you provide details on each incident ?
Title: Cyberattack on QEC
Description: QEC revealed this month that a cyberattack that was identified on January 2023 had affected the company. Information technology used by QEC, such as email, billing, and payroll databases, was impacted even if no operational technology, such as the infrastructure of a power plant, was. Anybody who has been directly impacted by the breach will be notified, according to QEC, which also stated that an outside company is looking into the incident.
Date Detected: January 2023
Type: Cyberattack
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyberattack QUL163324223
Data Compromised: Email, billing, and payroll databases
Systems Affected: Email, billing, and payroll databases
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Email, billing and and payroll databases.
Which entities were affected by each incident ?
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyberattack QUL163324223
Third Party Assistance: An outside company is looking into the incident
Communication Strategy: Anybody who has been directly impacted by the breach will be notified
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through An outside company is looking into the incident.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Cyberattack QUL163324223
Type of Data Compromised: Email, billing, and payroll databases
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Cyberattack QUL163324223
Investigation Status: An outside company is looking into the incident
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Anybody who has been directly impacted by the breach will be notified.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Cyberattack QUL163324223
Customer Advisories: Anybody who has been directly impacted by the breach will be notified
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Anybody who has been directly impacted by the breach will be notified.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as An outside company is looking into the incident.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on January 2023.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Email, billing and and payroll databases.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was An outside company is looking into the incident.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Email, billing and and payroll databases.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is An outside company is looking into the incident.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Anybody who has been directly impacted by the breach will be notified.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=qulliq-energy-corporation' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
