Bell acknowledges data breach

Bell Canada has acknowledged hackers have accessed personal information of what it has told CBC News are less than 100,000 customers.

The telco says information accessed included names, email addresses, account user names and numbers, as in some cases phone numbers. Neither credit card nor banking information was accessed.

“We apologize for this situation,” John Watson, Bell’s executive vice-president of customer experience, said a letter to affected customers. “Please note that additional security identification and authentication requirements have been implemented on your account. When discussing your account with our service representatives you will be asked for this additional information to verify your identity.”

Despite being the country’s biggest telco with a large infosec staff Bell is not immune to data breaches. Last May it admitted its customer subscriber database has been hacked, with the exposure of almost 2 million email addresses, 1,700 customer names and/or telephone numbers.

In February 2014, Bell confirmed more than 20,000 of its small-business customer usernames and passwords, as well as five credit cards, were divulged after a third party IT provider was hacked. A group calling itself NullCrew claimed responsibility for the attack on Twitter.

This latest breach comes as the federal government is finalizing the data breach notification requirements federally regulated organizations will have to follow after an incident. Industry experts hope the regulations will be approved before the summer. Draft regulations were released last September. The final regulations could be released as part of a package with the government’s update to its national cyber security strategy for working with the private sector to improve resilience.

In a report last year the Canadian Chamber of Commerce — citing a report from Intel — estimated Canada loses 0.17 per cent of its gross domestic product (GDP) to cybercrime, which is equal to $3.12 billion a year.

The annual IBM-Ponemon Institute cost of a data breach to a Canadian organization study issued last year figured that in 2017 the average total cost to the 27 victim companies was $5.78 million, a decrease of $6.03 million over the previous year. The study looked at the costs incurred 12 industry sectors following the loss or theft of protected personal data and the notification of breach victims as required by various laws. Note that the study excluded companies who had more than 100,000 records breached.

Of those 27 Canadian firm studied breaches the costs ranged from $3.81 million for data breaches involving 10,000 or fewer records to $7.25 million for the loss or theft of 25,001 to 50,000 records.

Of those 27 Canadian firms studied 48 per cent of incidents involved a malicious or criminal attack, 30 per cent involved negligent employees and 22 per cent involved system glitches, which includes both IT and business process failures.

Bell hasn’t said yet what the cause of the latest breach was.

By coincidence today, Symantec released its annual Norton Cyber Security Insights Report, which includes a break-down of answers from 1,120 Canadian consumers surveyed in October 2017. These included:

  • Canadians gained or maintained trust in organizations such as banks and financial institutions (86 per cent), and identity theft protection service providers (79 per cent) despite the attacks that made headlines in 2017.
  • On the other hand, 38 per cent of Canadian respondents said they lost trust in their government to manage their data and personal information within the past year. Thirty-five per cent lost trust in social media platforms.
  • Twenty-nine per cent of Canadian cybercrime victims said they trust in themselves to manage their data and personal information.
  • 52 per cent of cybercrime victims in Canada said they shared their passwords for at least one device or account with others. By comparison, only 31 per cent of non-cybercrime victims said they share their passwords with others. Cybercrime victims in Canada were also more likely to share their passwords for potentially sensitive online accounts such as banking (17 per cent cybercrime victims vs. 12 per cent non-cybercrime victims), social media (20 per cent cybercrime victims vs. 12 per cent non-cybercrime victims) and email accounts (22 per cent cybercrime victims vs. 14 per cent non-cybercrime victims).

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs