Bell, the largest telecoms provider in Canada, has been hacked and the data of its 1.9 million customers stolen.
While the rest of the world had its attention on the WannaCry ransomware which held PC’s around the globe hostage – including systems critical to the UK’s health service – a hacker, or hacking group, managed to gain access to Bell’s servers in a separate, unrelated incident.
In a brief statement released by Bell Canada, the provider claims the hack resulted in email addresses, customer names and/or telephone numbers being stolen. The company says there is no indication any financial or password information was accessed.
Based on a threat posted along with some of the stolen data on Pastebin, it would appear Bell has become the victim of an extortion attempt. The message claims it was released due to a failure to “co-operate” and threatens further customer data will be posted.
“We are releasing a significant portion of Bell.ca’s data due to the fact that they have failed to [co-operate] with us,” the hacker(s) posted on PasteBin on Monday afternoon. “This shows how Bell doesn’t care for its [customers’] safety and they could have avoided this public announcement… Bell, if you don’t [co-operate], more will leak.”
All customers should be extra wary of suspicious emails which could be phishing attempts. While Bell indicates that it’s unlikely financial details and passwords have been accessed, it’s worth keeping a close eye on bank statements and change their login details with Bell Canada as soon as possible.
The company says it will contact affected customers and that it “took immediate steps to secure affected systems.” Bell has been working closely with the RCMP cyber crime unit in its investigation and has informed the Office of the Privacy Commissioner.
A similar attack on DocuSign earlier this week joins Bell Canada’s data breach, and companies affected by the WannaCry ransomware, to round up a dire week for cybersecurity.
What are your thoughts on the past week’s cybersecurity failures? Let us know in the comments.