Menu
Browse

Cyber Incident Victim: Bell Canada

Date:

May 2017

Location:

Canada

Summary

Bell Canada disclosed that attackers obtained approximately 1.9 million customer records containing email addresses, phone numbers and names, with an additional 1,700 individuals’ personal details also exposed, while emphasizing that no payment card information, passwords or other sensitive data were accessed. The company stated the breach was unrelated to the WannaCry ransomware outbreak and said it had secured the affected systems, was cooperating with the RCMP cyber crime unit and the Office of the Privacy Commissioner, and was directly notifying those impacted. The company apologized for the incident and noted it was working with law enforcement to identify the perpetrators.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 2 techniques
Threat Actors Type Location
0 actors Available to members Available to members

Description

On May 16, 2017, Bell Canada disclosed that hackers had obtained approximately 1.9 million customer account details. The compromised information included email addresses, phone numbers, and names for an additional 1,700 individuals. Bell Canada emphasized that no payment card numbers, passwords, or other financial data were accessed in the breach. The company stated there was no indication that the incident was related to the global WannaCry malware attacks occurring at the same time. Bell Canada said it was collaborating with the Royal Canadian Mounted Police cyber crime unit and other Canadian law‑enforcement agencies to identify the perpetrators. The Office of the Privacy Commissioner of Canada was also gathering information about the incident. Bell Canada serves roughly 21 million customers across fixed‑line, wireless, internet and television services. The carrier reported revenues of $5.38 billion CAD in its most recent fiscal quarter prior to the disclosure. Bell Canada did not specify whether the stolen data originated from a particular service or product line. The breach marked another privacy‑related event for the telecommunications giant.

Cyber Incident Image

In response, Bell Canada issued an apology to affected customers and began contacting them directly about the compromise. The company said it had taken immediate steps to secure the systems that were impacted by the intrusion. Bell Canada informed the Office of the Privacy Commissioner of the breach as part of its regulatory obligations. The firm noted that this was not its first privacy concern, referencing a 2015 investigation into its use of tracking tools without customer consent. No further details about attacker motives, methods, or potential downstream misuse of the data were provided in the statements. The incident contributed to ongoing scrutiny of telecommunications providers’ data‑protection practices in Canada. Bell Canada’s public statement concluded that it would continue to work with authorities to resolve the matter. No evidence of financial fraud stemming from the stolen account details was reported by the company. The disclosure aimed to reassure customers that sensitive financial and authentication information remained secure. The episode added to the record of privacy incidents involving major Canadian telecom operators.

Sources
Sources available to members
1 source