Cyber Incident Victim: Bell Canada
Date:
May 2017
Location:
Canada
Summary
Bell Canada reported that hackers accessed approximately 1.9 million customer records, obtaining email addresses, phone numbers, and names, while also exposing contact information for an additional 1,700 individuals. The company stated that no financial data, passwords, or payment card numbers were compromised and that the breach was unrelated to the WannaCry ransomware outbreak. The company worked with the RCMP cyber crime unit, informed the Office of the Privacy Commissioner, and notified affected customers directly.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 16 2017, Bell Canada announced that approximately 1.9 million customer account details had been accessed by unknown attackers. The telco stated that the compromised data did not include payment card numbers, passwords, or other financial information. In addition to the larger set, the breach exposed email addresses, phone numbers, and names for a further 1,700 individuals. Bell Canada serves roughly 21 million customers across fixed line, wireless, internet and television services. The company reported quarterly revenues of $5.38 billion CAD at the time of the disclosure. Bell Canada said there was no indication that any sensitive personal information beyond the disclosed contact details had been accessed. The carrier explicitly noted that the incident was unrelated to the global WannaCry ransomware campaign.

Following the discovery, Bell Canada said it was working with Canadian police to identify those responsible. The company reported that it had taken immediate steps to secure the affected systems. Bell Canada stated it was working closely with the RCMP cyber crime unit in its investigation. The telco also informed the Office of the Privacy Commissioner of Canada about the breach. Bell Canada issued an apology to its customers and began contacting those whose data had been exposed directly.
