Bell Canada reports client data breach
Hackers have illegally accessed Bell Canada’s customer information for the second time in eight months, prompting an RCMP investigation into the data breach at Canada’ s largest telecommunications company.
“BCE Inc. confirmed Tuesday that hackers got hold of ‘fewer than 100,000’ customers’ information, including names and email addresses. This follows a hack in May 2017 when 1.9 million email addresses and about 1,700 names and phone numbers were stolen from Bell’s database.
“There is no indication that any credit card or other banking information was accessed,” Bell spokesman Marc Choma said in a statement.
“We apologize to our customers and are contacting all those affected.”
Bell said the RCMP is actively investigating the incident, which affected only a fraction of its 22 million subscriptions. Bell said it works closely with police, government and industry partners to combat cyber crime.
In an email sent Tuesday to customers affected by the breach, Bell’s executive vice-president of customerexperience John Watson said additional security authentication and identification requirements were placed on their accounts.
He recommended customers change passwords and security questions frequently and regularly review accounts for suspicious activity.
Bell did not immediately answer questions about when the hack occurred or when it discovered the breach.
Bell informed government agencies of the hack including the Office of the Privacy Commissioner, which confirmed it was notified of the breach on Tuesday.
“We are following up with Bell to obtain information regarding what took place and what they are doing to mitigate the situation, and to determine follow up actions,” privacy commissioner spokeswoman Tobi Cohen said in an email.
It would not provide further details citing confidentially rules in the Personal Information Protection and Electronic Documents Act (PIPEDA).
But the office does outline key steps to respond to privacy breaches. It recommends that businesses immediately contain the breach and notify police if the breach if it appears to involve theft or other criminal activity.
The next step is to evaluate the scale of the breach and the sensitivity of the information accessed. It then recommends notifying individuals if there is a risk of identity theft, financial loss or other harm so the person can take steps to mitigate risk, such as changing their passwords.
The office recommends businesses conduct security audits and review their record retention polices and employee training practices in order to prevent future breaches.