SaskEnergy and SaskPower were recently notified by a third-party vendor of a cyber security incident involving one of its subcontractors. The vendor provides bill print and mail services to both utilities. A subset of billing records from April 2022 and January 2023 were accessed, which included customer information such as names, service and mailing addresses, outstanding balances, account numbers, and gas or power meter data.
Following notification, SaskEnergy and SaskPower worked with the vendor, along with legal and external security experts, to conduct a thorough investigation.
The incident did not involve SaskEnergy or SaskPower systems and did not affect gas or power service. No payment card information, passwords, or government‑issued identification numbers were involved, and there is no evidence that any other customer information was compromised.
Affected customers are being notified directly by letter and provided with information and support, including access to complimentary credit monitoring and identity protection services. SaskEnergy and SaskPower have reported the incident to the Office of the Information and Privacy Commissioner of Saskatchewan.
What happened?
- SaskEnergy and SaskPower were notified on May 3, 2026, by a third party vendor of a cybersecurity incident involving one of its subcontractors. The vendor provides bill print and mail services to both utilities. A subset of billing records from April 2022 and January 2023 were accessed, which included customer information such as names, service and mailing addresses, outstanding balances, account numbers, and gas or power meter data.
Were SaskEnergy or SaskPower systems affected?
- No. The incident did not involve SaskEnergy or SaskPower systems or networks, and there has been no impact to natural gas or power service.
What information was involved?
- Based on the completed review, certain SaskEnergy and SaskPower billing records from April 2022 and January 2023 were accessed. The records included names, service and mailing addresses, account numbers, outstanding balances, and meter data.
Was any financial or highly sensitive information involved?
- Payment card information, passwords, and government issued identification numbers were not involved. No additional customer information was impacted.
How many customers were affected?
- Approximately 16,200 SaskEnergy and SaskPower customer accounts were affected. All affected customers are being notified directly by letter.
How are affected customers being notified?
- Affected customers are being notified directly by letter. Letters were mailed out via Canada Post on June 8, 2026.
What support is being offered to affected customers?
- As a precautionary measure, affected customers are being offered complimentary credit monitoring and identity protection services for a period of 24 months. Participation in the service is optional.
Is there evidence that customer information has been misused?
- At this time, SaskEnergy and SaskPower are not aware of any misuse of customer information. However, customers are encouraged to remain alert for phishing or fraudulent communications.
I have moved since January 2023. Is my current address part of the breach?
- No. Only the information contained on bills from April 2022 and January 2023 was included in this cybersecurity incident.
What should customers do if they are concerned?
- Customers should review the information provided in their notification letter and follow the recommended steps outlined there. Customers may contact SaskEnergy or SaskPower customer service if they have questions about their account.
Has this incident been reported to regulators?
Yes. SaskEnergy and SaskPower have reported this incident to the Office of the Information and Privacy Commissioner of Saskatchewan.