Cyber Incident Victim: Bell Technical Solutions
Date: Aug 2022
Location: Canada
Summary
A Bell Canada subsidiary experienced a ransomware attack by the Hive group, compromising systems and accessing operational company data along with employee and customer information including names, addresses, and phone numbers for residential and small business clients in specific Canadian provinces. The attackers encrypted systems but did not access financial databases containing payment details. The subsidiary secured affected infrastructure, initiated an investigation involving law enforcement and cybersecurity experts, notified privacy authorities, and warned customers of potential phishing risks stemming from the breach. Independent IT systems prevented broader impacts across Bell's other operations.
Description
On or around August 20, 2022, the Hive ransomware gang executed a cyberattack against Bell Technical Solutions (BTS), a Bell Canada subsidiary specializing in technician deployments for residential and small business customers across Ontario and Québec. Hive publicly claimed responsibility for encrypting BTS systems nearly a month after the incident, adding the company to its data leak blog. BTS, which operates independently from Bell Canada with over 4,500 employees, experienced significant operational disruption, including the inaccessibility of its primary website (bellsolutionstech.ca). Bell Canada confirmed unauthorized access to operational company data and employee information, along with customer details including names, addresses, and phone numbers of individuals who had scheduled technician visits. The compromised data was limited to customers in BTS’s service regions, with no evidence of access to financial databases containing credit/debit card numbers, banking details, or other sensitive financial records.

BTS initiated immediate containment measures to secure affected systems following detection of the breach. The company engaged the Royal Canadian Mounted Police’s cybercrime unit for investigation and formally notified Canada’s Office of the Privacy Commissioner. Public advisories warned customers of potential phishing attempts stemming from the exposed contact information and urged vigilance regarding account activity. BTS emphasized its operational independence from Bell Canada’s IT infrastructure, confirming no impact to other Bell subsidiaries or customer bases. Third-party cybersecurity experts were retained to assist with forensic analysis and implement enhanced security measures. Hive’s involvement aligned with its established Ransomware-as-a-Service model, which historically combines data encryption with double extortion tactics involving exfiltrated data leaks. Bell Canada’s senior communications personnel declined to confirm Hive’s specific claims during the ongoing investigation but reiterated that compromised servers contained only operational and employee data alongside the limited customer information disclosed.
