Bell Canada Suffers Significant Data Breach

According to a press release put out by Bell today let the world know that more than 20,000 Bell small business customers have had their information put online. Here’s the details:

Bell today announced that 22,421 user names and passwords and 5 valid credit card numbers of Bell small-business customers were posted on the Internet this weekend. The posting results from illegal hacking of an Ottawa-based third-party supplier’s information technology system.

Delightful. So Bell let a third party have this data and that third party got hacked. Bell gets a #fail on that as in my opinion, data of this sort should never leave a corporation’s control. Now, Bell may be understating the impact of this hack. Here’s what the Toronto Star says:

Bell spokesperson Paolo Pasquini declined to answer questions on when the company first became aware of the privacy breach.However, hacktivist collective NullCrew,which took credit on Twitter for the attack, told followers Bell “knew the vulnerable section of the website for two weeks.”

Several weeks ago, on Jan. 14, the group also tweeted: “Successful day hacking internet service providers is successful. #NullCrew.”

That tweet was followed a day later by another one suggesting the group’s potential target: “Just had a talk with @Bell_Support, this is going to be fun.”

The website Have I Been Pwned?, which uses publicly available data to map privacy breaches, suggested the number of small business owners affected is 40,000 — not 22,421 as Bell reported. Pasquini, however, said the hacked information contained “a large number of duplicate and incomplete records.”

Now affected customers are being contacted and this is being investigated, but here’s what is important. Bell needs to explain what happened here in detail and tell it’s customers in detail how this is never going to happen again, and they need to do that quickly. But knowing Bell, that’s unlikely. Which means that if you value your privacy, you should be shopping around for another telco provider.

Advertisements

2 Responses to “Bell Canada Suffers Significant Data Breach”

  1. […] year came news that Bell Canada was not only pwned by hackers, but they were the subject of an extortion attempt too. Well, it seems that they’ve been pwned again. They’ve sent a note out to affected […]

  2. […] might remember that Bell got pwned in 2018 and 2017. The first time about 100K customers were affected with names and email addresses being accessed. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: