Bell Canada says it’s been hacked, apologizes to customers

Bell Canada says its customer subscriber database has been hacked, with the exposure of almost 2 million email addresses, 1,700 customer names and/or telephone numbers.

“There is no indication that any financial, password or other sensitive personal information was accessed,” the company said in a news release. “This incident is not connected to the recent global WannaCry malware attacks.”

“We apologize to Bell customers for this situation and are contacting those affected directly.”

Meanwhile the Globe and Mail reports that an anonymous note posted on an unspecified online site says the communications company has been threatened: Data from the breach is being released, says the author, and that “more will leak” if the telecom company doesn’t work with the group or individual.

Bell [TSX: BCE] says it took immediate steps to secure affected systems. It has been working closely with the RCMP cyber crime unit in its investigation and has informed the Office of the Privacy Commissioner.

This morning a Bell spokesperson said the company can’t comment further for security reasons and the police investigation. All affected customers should be reached by the end of the day.

While no passwords were were accessed, undoubtedly the thieves will immediately run the email addresses against known databases of stolen passwords from other sites to see if there are any commonly used words, to try and crack the Bell email passwords. They will also run them against popular — and unsafe passwords such as “Password1,” “Password2,” “Monday1” etc., as well as dictionaries. It is not unusual for people to use the same password on different sites.

Thieves will also take the stolen email addresses and add them to lists for sending spam and phishing attacks.

In February, 2014 Bell confirmed more than 20,000 of its small-business customer usernames and passwords, as well as five credit cards, were divulged after a third party IT provider was hacked.  A group that calls itself NullCrew claimed responsibility for the attack on Twitter. Screenshots released by that group to prove its claim suggested the method was an SQL (structured query language) injection attack.

Public disclosure of the breach comes as the Liberal government is discussing breach notification regulations for organizations to comply with the 2015 Digital Privacy Act, which amends the Personal Information Protection and Electronic Documents Act  (PIPEDA), which requires organizations under federal jurisdiction to tell individuals when their personal information has been disclosed in a way that could cause significant harm. Disclosure to the federal privacy commissioner also has to be made.

The regulations will spell out how much disclosure has to be made and how fast after a breach has been discovered. Strictly speaking Bell didn’t have to disclose the breach to victims or the privacy commissioner because the regulations haven’t been proclaimed yet, but it has been accepted as a best practice since the Digital Privacy Act was passed.

Draft regulations may be announced as early as the summer with the intent to make them come into effect at the start of 2018.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now