Police are investigating a new data breach at Bell Canada, which says hackers have illegally obtained customer information, primarily subscriber names and e-mail addresses.
BCE Inc.-owned Bell confirmed on Tuesday that up to 100,000 customers were affected by the hack, which comes about eight months after hackers accessed nearly 1.9 million Bell customer e-mail addresses as well as 1,700 names and phone numbers.
"We apologize to our customers and are contacting all those affected," BCE spokesman Mark Langton said. "There is an active RCMP investigation of the incident and Bell has notified appropriate government agencies including the Office of the Privacy Commissioner."
Mr. Langton said that, in this case, hackers accessed names and e-mail addresses and "in some cases phone number, user name and/or account number." He added there was "no indication that any credit card or other banking information was accessed."
Several customers on Tuesday reported receiving an e-mail from John Watson, executive vice-president of customer experience at Bell, informing them that some of their customer information was illegally accessed.
Mr. Watson apologized for the breach and advised affected subscribers: "It is good practice to change your passwords and security questions frequently and to regularly review all your service and financial accounts for any suspicious activity."
Even non-financial information such as user names can be used by hackers to attempt to break into other accounts owned by the same person, and e-mail addresses can provide a potential list of targets for social engineering scams known as phishing, in which hackers try to convince people to click on malicious links or attachments.
Mr. Langton said Bell – which is Canada's largest communications company and has almost 22 million combined wireless, television, internet and home telephone customers – works closely with police and other government agencies to address cyber crime, adding, "we have successfully supported law enforcement in past prosecutions of hackers."
RCMP spokeswoman Stephanie Dumoulin, at the police force's national division in Ottawa, and the Office of the Privacy Commissioner said that they couldn't disclose details.
"We are following up with Bell to obtain information regarding what took place and what they are doing to mitigate the situation, and to determine follow up actions," said the federal privacy watchdog's spokeswoman Tobi Cohen.
Bell's latest data breach follows several other high-profile hacks, including at credit monitoring company Equifax and ride-hailing service Uber, though those companies did not immediately disclose the breaches.
The federal government is in the process of reviewing changes to the Personal Information Protection and Electronic Documents Act that would require companies to notify people in the event of a serious data breach.
But until those come into force, Alberta is the only province in Canada that has mandatory reporting requirements for private-sector companies.
With files from the Canadian Press