Bell Canada alerts customers who may be affected by data breach
David Paddon, The Canadian Press
Published Tuesday, January 23, 2018 12:58PM EST
Last Updated Tuesday, January 23, 2018 4:07PM EST
TORONTO -- The RCMP has launched an investigation into a data breach at Bell Canada that appears to have compromised customer names and email addresses, but no credit card or banking information.
Media reports put the number at about 100,000 but RCMP spokeswoman Stephanie Dumoulin, at the police force's national division in Ottawa, and the Office of the Privacy Commissioner said that they couldn't disclose details.
"We are following up with Bell to obtain information regarding what took place and what they are doing to mitigate the situation, and to determine follow up actions," said the federal privacy watchdog's spokeswoman Tobi Cohen.
Bell Canada's representatives have alerted customers who were affected, but didn't answer questions about how many customers were impacted, when the breach occurred, or if the data release was related to an earlier breach last year.
Bell also told customers that additional security, authentication and identification requirements have been implemented.
"When discussing your account with our service representatives, you will be asked for this additional information to verify your identity," its emailed notice to customers said.
Katy Anderson, a Calgary-based digital rights advocate with OpenMedia, said she's glad Bell is implementing additional security checks.
"However, this is the second time the company has been hit by hackers in eight months," Anderson said in a phone interview.
Bell Canada revealed in May that an anonymous hacker had obtained access to about 1.9 million active email addresses and about 1,700 customer names and active phone numbers.
Anderson said that the public should realize that centralized data is vulnerable, by its nature.
"When a breach like this happens, which we're seeing more and more, it's always a good reminder to change your passwords, update your security questions with things only you would know, and consider using a password manager," Anderson said.
Bell's latest data breach follows several other high-profile hacks, including at credit monitoring company Equifax and car-hailing service Uber, though those companies did not immediately disclose the breaches.
The federal government is in the process of reviewing changes to the Personal Information Protection and Electronic Documents Act that would require companies to notify people in the event of a serious data breach.
But until those come into force, Alberta is the only province in Canada that has mandatory reporting requirements for private-sector companies.
The statement from Bell:
Hackers illegally accessed some customer information, including name, email address and in some cases phone number, user name and/or account number, for a limited number of Bell customers. There is no indication that any credit card or other banking information was accessed.
We apologize to our customers and are contacting all those affected. There is an active RCMP investigation of the incident and Bell has notified appropriate government agencies including the Office of the Privacy Commissioner.
Bell works closely with law enforcement, government and the broader technology industry to combat the growth of cyber crimes, and we have successfully supported law enforcement in past prosecutions of hackers.