RCMP investigating Bell Canada data breach
Fewer than 100,000 affected, but credit card, banking info never at risk, telecom says
The RCMP has launched an investigation into a data breach at Bell Canada that appears to have compromised customer names and email addresses, but no credit card or banking information.
Bell Canada spokesperson Nathan Gibson told The Canadian Press that “fewer than 100,000 customers were affected.” Stephanie Dumoulin, an RCMP spokesperson, at the police force’s national division in Ottawa, and the Office of the Privacy Commissioner said they couldn’t disclose details.
“We are following up with Bell to obtain information regarding what took place and what they are doing to mitigate the situation, and to determine followup actions,” said the federal privacy watchdog’s spokesperson, Tobi Cohen.
Bell Canada has alerted customers who were affected and also informed them that additional security, authentication and identification requirements have been implemented.
“When discussing your account with our service representatives, you will be asked for this additional information to verify your identity,” its emailed notice to customers said.
Katy Anderson, a Calgary-based digital-rights advocate with OpenMedia, said she’s glad Bell is implementing additional security checks.
“However, this is the second time the company has been hit by hackers in eight months,” Anderson said.
Bell Canada revealed in May that an anonymous hacker had obtained access to about 1.9 million active email addresses and about 1,700 customer names and active phone numbers.
Anderson said the public should realize that centralized data is vulnerable, by its nature.
Bell’s latest data breach follows several other high-profile hacks, including at credit-monitoring company Equifax and car-hailing service Uber, though those companies did not immediately disclose the breaches.
The federal government is in the process of reviewing changes to the Personal Information Protection and Electronic Documents Act that would require companies to notify people in the event of a serious data breach. But until those come into force, Alberta is the only province in Canada that has mandatory reporting requirements for private-sector companies.