A mystery hacker, or hackers, stole 1.9 million customer email addresses from Bell Canada and sought payment before posting some of the data online.
In a statement released by Bell Canada last week, the company claims there is no indication of access to any financial or password information, but confirms the hacker(s) stole customer names, telephones and email addresses.
A threat posted on Pastebin, along with some of the stolen data, claims the attack was due to Bell’s failure to “co-operate” and threatens further exposure of customer data:
“We are releasing a significant portion of Bell.ca’s data due to the fact that they have failed to [co-operate] with us,” the hacker(s) posted on PasteBin on Monday afternoon. “This shows how Bell doesn’t care for its [customers’] safety and they could have avoided this public announcement… Bell, if you don’t [co-operate], more will leak.”
Bell says it has contacted affected customers, taking immediate steps to secure affected systems. The telecoms operator has been working closely with the RCMP cybercrime unit in its investigation and has informed the Office of the Privacy Commissioner. It warns all customers be extra wary of suspicious emails which could be phishing attempts and to keep a close eye on bank statements, even though it is unlikely any financial details have been accessed.
The incident is not connected to the recent WannaCry ransomware attacks, which held PC’s around the globe hostage. However, this attack highlights a trend where hackers cast a wide net and use easily attainable account and identity information as a starting point for high value targets, according to Jason Hart, VP and CTO for data protection at Gemalto.
It serves as a reminder for CSOs and security teams to be aware of who has access to data, how it is moved, stored, how it is transferred and when it is encrypted/decrypted, in order to keep a tighter control.
Being more aware of the potential threats is key and this also means using better identity and access control techniques, with multifactor authentication and encryption.
Bell Canada serves around 21 million customers with fixed line and wireless phone services, internet, television and business communications.
As the world of business becomes more reliant on computers and information & communications technology (ICT), the importance of having a Disaster Recovery Plan (DRP) in place becomes ever more paramount.
Security protection and disaster recovery planning with MF Communications.
Many sectors rely heavily on computer systems, which is why disaster recovery planning, also known as Continuity of Operations Planning (COOP), is so important. Associated with the recovery of information technology data, assets, and facilities, the main objective of any disaster recovery plan is to minimise downtime and data loss.
In the telecoms industry, toll fraud is the most common and costly security problem, with 84% of UK Businesses vulnerable to Toll Fraud Hacking.
Regardless of whether you have analogue, digital or IP business telephone systems, hackers can target your PBX system/IP PBX business telephone systems, with resultant losses in the thousands of pounds.
MF Communications offer customised toll fraud protection to best suit your business needs and requirements.
For more information, including how to put together a disaster recovery plan for your organisation, please email us or call 01892 514687 and ask to speak to one of our UK business consultants.