Cyber Incident Victim: BCE Inc.
Date:
May 2017
Location:
Canada
Summary
Bell Canada disclosed that hackers accessed approximately 1.9 million customer records, obtaining email addresses, phone numbers and names for an additional 1,700 individuals while confirming that no payment card data or passwords were compromised. The company said it is collaborating with the Royal Canadian Mounted Police cyber crime unit and the Office of the Privacy Commissioner to investigate the breach, which it stated is unrelated to the WannaCry ransomware outbreak affecting other organizations globally.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday May 16 2017 Bell Canada disclosed that hackers had swiped 1.9 million customer account details. The company emphasized that no payment card numbers or passwords were accessed in the breach. According to the disclosure the compromised information included email addresses, phone numbers and names for an additional 1,700 individuals. Bell Canada serves approximately 21 million customers across fixed line, wireless, internet and television services. The telco reported revenues of $5.38 billion CAD ($3.96 billion USD) in its most recent fiscal quarter at the time of the announcement. The company stated that the incident was not linked to the global WannaCry malware attacks that were occurring concurrently.

Bell Canada said it was working with the Royal Canadian Mounted Police cyber crime unit to investigate the breach and identify the responsible parties. The Office of the Privacy Commissioner of Canada was also notified and began gathering data about the incident. In response Bell Canada took immediate steps to secure the affected systems and prevent further unauthorized access. The carrier apologized to its customers for the situation and began contacting those whose data had been compromised directly. Bell Canada noted that this was not its first privacy related issue, referencing a 2015 investigation into its use of tracking tools without customer consent. The company did not specify which specific service or database had been targeted in the attack.
