Cyber Incident Victim: BCE Inc.
Date:
Jan 2018
Location:
Canada
Summary
Authorities are investigating a data breach at Bell Canada that exposed personal information of as many as 100,000 customers. The breach has prompted a police probe to determine the extent of the exposure and the nature of the compromised data. Law enforcement officials are examining the incident to understand how the breach occurred and what information was accessed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late December 2017, Bell Canada's security operations centre detected unusual access patterns within one of its customer information databases. The anomaly prompted an immediate internal investigation to determine the scope and origin of the activity. Investigators found that an unauthorized party had gained access to a subset of records containing personal details of Bell customers. The company promptly contained the exposure by restricting the affected access points and began preserving relevant logs for forensic analysis. On January 23, 2018, Bell Canada issued a public statement disclosing that the incident potentially involved up to 100,000 customers. The disclosed data elements included names, email addresses, telephone numbers, and certain account-related identifiers such as service numbers. Bell Canada emphasized that the breach did not expose financial information, passwords, or sensitive security codes. The organization notified the Office of the Privacy Commissioner of Canada and contacted law enforcement agencies to assist with a joint investigation.

Following the public disclosure, Bell Canada began direct outreach to the customers whose information was believed to be accessed, providing them with a clear description of the data elements involved. As a precaution, the company offered those individuals a complimentary subscription to credit monitoring and identity theft protection services for a period of one year. Bell Canada also implemented additional security measures, including strengthening authentication controls, reviewing privileged access rights, and conducting a comprehensive audit of its network segmentation. The company maintained ongoing communication with the privacy regulator, supplying detailed logs, timestamps, and access records to support the investigative process. Law enforcement officials pursued the case to identify the responsible actors, although no public attribution was made at the time of the disclosure. Bell Canada reported that, after the containment actions, continuous monitoring showed no further signs of unauthorized access to the compromised database.
