National telecom Bell has confirmed that “fewer than 100,000” customers have had their private information illegally accessed by hackers.
According to a Bell spokesperson who spoke with MobileSyrup via email, hackers were able to access the account numbers, telephone numbers, email addresses and usernames of “fewer than 100,000” customers.
“There is no indication that any credit card or other banking information was accessed,” reads an excerpt from a Bell email to MobileSyrup.
The RCMP is currently investigating the incident, and Bell said that it had notified the appropriate governmental agencies about the hack.
The Office of the Privacy Commissioner of Canada (OPC) confirmed to MobileSyrup via email that it had been notified of the hack.
“We are following up with Bell to obtain information regarding what took place and what they are doing to mitigate the situation, and to determine follow up actions,” said an OPC spokesperson, in an email to MobileSyrup.
Due to the confidentiality provisions in the Personal Information Protection and Electronic Documents Act (PIPEDA), the OPC was unable to provide any further details.
An early morning email from Bell
Bell customers were first made aware of the hack on Tuesday, January 23rd, 2018.
According to an email sent to Bell customers, from Bell executive vice president of customer experience John Watson, private information including names, account numbers, telephone numbers, email addresses and usernames could have been accessed in a privacy breach.
A Bell customer service representative later confirmed the email’s authenticity in a phone call with MobileSyrup, explaining that a “small subset within our accounts” have been potentially affected.
“Please note that additional security authentication and identification requirements have been implemented on your account,” reads an excerpt from the Watson email. “When discussing your account with our service representatives, you will be asked for this additional information to verify your identity.”
This is Bell’s second major cybersecurity incident in under a year. The company was previously breached in May 2017, when roughly 1.9 million active email addresses and 1,700 names and active phone numbers were accessed by an anonymous hacker.
Have you been affected by this cybersecurity incident? We’d like to hear from you. Contact the MobileSyrup team at firstname.lastname@example.org with your experience.
Update 23/01/2018 (1): Story updated with additional information from Bell and numbers from the Globe and Mail.
Update 23/01/2018 (2): Story updated with additional information from the OPC.
Update 23/01/2018 (3): Story updated and revised, reference to the Globe and Mail removed.