Home Feature news Bell Canada says it’s been hacked, apologizes to customers

Bell Canada says it’s been hacked, apologizes to customers

Image from Shutterstock.com

Bell Canada says its customer subscriber database has been hacked, with the exposure of almost 2 million email addresses, 1,700 customer names and/or telephone numbers.

“There is no indication that any financial, password or other sensitive personal information was accessed,” the company said in a news release. “This incident is not connected to the recent global WannaCry malware attacks.”

“We apologize to Bell customers for this situation and are contacting those affected directly.”

Meanwhile the Globe and Mail reports that an anonymous note posted on an unspecified online site says the communications company has been threatened: Data from the breach is being released, says the author, and that “more will leak” if the telecom company doesn’t work with the group or individual.

Bell [TSX: BCE] says it took immediate steps to secure affected systems. It has been working closely with the RCMP cyber crime unit in its investigation and has informed the Office of the Privacy Commissioner.

This morning a Bell spokesperson said the company can’t comment further for security reasons and the police investigation. All affected customers should be reached by the end of the day.

While no passwords were were accessed, undoubtedly the thieves will immediately run the email addresses against known databases of stolen passwords from other sites to see if there are any commonly used words, to try and crack the Bell email passwords. They will also run them against popular — and unsafe passwords such as “Password1,” “Password2,” “Monday1” etc., as well as dictionaries. It is not unusual for people to use the same password on different sites.

Thieves will also take the stolen email addresses and add them to lists for sending spam and phishing attacks.

In February, 2014 Bell confirmed more than 20,000 of its small-business customer usernames and passwords, as well as five credit cards, were divulged after a third party IT provider was hacked.  A group that calls itself NullCrew claimed responsibility for the attack on Twitter. Screenshots released by that group to prove its claim suggested the method was an SQL (structured query language) injection attack.

Public disclosure of the breach comes as the Liberal government is discussing breach notification regulations for organizations to comply with the 2015 Digital Privacy Act, which amends the Personal Information Protection and Electronic Documents Act  (PIPEDA), which requires organizations under federal jurisdiction to tell individuals when their personal information has been disclosed in a way that could cause significant harm. Disclosure to the federal privacy commissioner also has to be made.

The regulations will spell out how much disclosure has to be made and how fast after a breach has been discovered. Strictly speaking Bell didn’t have to disclose the breach to victims or the privacy commissioner because the regulations haven’t been proclaimed yet, but it has been accepted as a best practice since the Digital Privacy Act was passed.

Draft regulations may be announced as early as the summer with the intent to make them come into effect at the start of 2018.

Most Popular

London’s Ultra Low Emission Zone to be expanded to all boroughs

In addition to expanding the ULEZ, a number of initiatives will be introduced to support more Londoners, including a new scrappage scheme for people...

EASA appoints consortium to study security measures on aviation safety

Airport General ManagerHartsfield-Jackson Atlanta International AirportBalram Bheodari leads Hartsfield-Jackson Atlanta International Airport as North America’s most efficient airport, due to his vast knowledge of...

Kapsch’s new gantry is robust, sustainable and climate positive

Kapsch TrafficCom has introduced a gantry made from local and renewable resources. It paves the way for sustainable road infrastructure with its negative carbon...

Creating an inclusive workforce at Go-Ahead – it’s about more than just the numbers

Claire Mahoney, Head of Colleague Experience at The Go-Ahead Group, explains why it is important to shift from a ‘diversity only’ lens in order...