Skip to main content

Report On Business Bell apologizes to customers after data breach hits 1.9 million e-mail addresses

Bell Canada’s head office in Montreal is seen in this file photo.

Ryan Remiorz/THE CANADIAN PRESS

BCE Inc.'s Bell Canada has issued an apology to customers after it said nearly 1.9 million customer e-mail addresses and 1,700 names and phone numbers were illegally accessed – while an anonymous note posted online threatens that "more will leak" if the telecom company doesn't co-operate with the group or individual claiming responsibility for the breach.

"We are releasing a significant portion of Bell.ca's data due to the fact that they have failed to [co-operate] with us," says the post, which was published Monday afternoon, several hours before Bell released its apology.

"This shows how Bell doesn't care for its [customers'] safety and they could have avoided this public announcement… Bell, if you don't [co-operate] more will leak :)." The post contains a link purporting to contain the customer information. It does not clarify what the anonymous poster was seeking co-operation for, or any further intent.

Story continues below advertisement

WannaCry: How to protect yourself, what's happened so far and what could happen next

The telecom company has been aware of its data breach since at least last Wednesday but did not disclose details publicly until several hours after the anonymous post on Monday.

Bell says that the attacks were not related to the "WannaCry" ransomware attack that spread across the globe late last week. The global cyberattack hit hundreds of thousands of people worldwide, encrypting their data for a ransom of about $300 (U.S.) in the digital currency bitcoin. While the Bell breach was not connected to the broader attack, digital security breaches have become increasingly rampant in Canada and around the world, prompting many companies and security experts to encourage consumers to regularly change passwords and be vigilant in online activities.

"There is no indication that any financial, password or other sensitive personal information was accessed," the company said in a statement. "Bell took immediate steps to secure affected systems. The company has been working closely with the RCMP cybercrime unit in its investigation and has informed the Office of the Privacy Commissioner."

Bell notified the commissioner's office of the breach on May 10, and had planned to make customers aware of the situation once it had more details. "We are following up with the company with respect to what took place and what it is doing to mitigate the situation," a spokesperson for the commissioner's office told The Globe. "We expect a formal written breach report from Bell very soon."

The spokesperson said by e-mail that they could not provide further details or an interview because of confidentiality provisions in the Personal Information Protection and Electronic Documents Act, Canada's federal private-sector privacy law.

Bell has been contacting affected customers directly to apologize for the situation, noting that it has worked with government and law enforcement to investigate. The company said in e-mails to customers that "there is minimal risk involved" in this data breach but encouraged them to regularly change passwords and security questions and to avoid suspicious e-mails and communications. "Please note that Bell will never ask for your credit card or other personal information by e-mail," it said.

Story continues below advertisement

The company declined to comment on the specifics of the attack, citing security reasons and the ongoing police investigation.

Report an error Editorial code of conduct
Tickers mentioned in this story
Unchecking box will stop auto data updates
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Cannabis pro newsletter