Bell Canada has started informing customers that their personal data has been compromised in a breach that reportedly affects up to 100,000 individuals.
Bell told customers that their names and email addresses were aaccessed by hackers, but the company said in an emailed statement that the attackers also obtained phone numbers, usernames and/or account numbers for a limited number of people. The telecoms company, however, says there is no evidence that credit card or banking information has been compromised.
In response to the incident, Bell has implemented additional authentication and identification requirements for accessing accounts. The company has also advised users to frequently change their password and security questions, and regularly review their financial and online accounts for unauthorized activity.
“The protection of consumer and corporate information is of primary importance to Bell,” John Watson, Executive Vice-President of Customer Experience at Bell Canada, told customers. “We work closely with the RCMP and other law enforcement agencies, government bodies and the broader technology industry to combat the growth of cyber crimes.”
Lisa Baergen, marketing director with Vancouver-based NuData Security, a Mastercard company, pointed out that even limited information such as names and email addresses can be useful to malicious actors.
“We all know bad actors are very talented at preparing fraud schemes with that information, such as phishing scams or dictionary attacks – where fraudsters try certain common passwords based on the user’s personal information,” Baergen said.
“Bell is doing the right thing by evaluating the extent of the damage and keeping customers updated,” she added. “However, to avoid damage after a breach, companies that share clients with Bell can consider applying multi-layered security solutions based on passive biometrics to protect their business and their customers from account takeover of another type of fraud. Online security technologies that evaluate a user or a transaction based on their behavior and not only on their – potentially stolen – static information, thwart all fraudulent attempts that inevitably come after a data breach.”
This is the second time Bell Canada has informed customers of a data breach. In May last year, the company admitted that approximately 1.9 million active email addresses and roughly 1,700 names and active phone numbers were accessed by a hacker.
Bell told SecurityWeek that the latest incident is unrelated to the cyberattack disclosed in May.
*Updated with information from Bell, including clarification that the two incidents are not related