Bell Canada is the latest to suffer from a data breach. This time, up to 100,000 Canadians are affected.
It almost seems like every week, there is another major data breach or data leak. This month alone, we saw 1 billion people exposed in the Aadhaar data breach, the 20,000 people affected by the SinVR data leak, and the 2.9 million Norwegian’s affected by their medical records being exposed to hackers.
The hits just keep on coming. Now, reports are surfacing that there has been another data breach. This time, it affects nearly 100,000 Canadian customers of one of Canada’s largest ISPs. From the CBC:
Bell Canada is alerting customers after hackers illegally accessed the information of fewer than 100,000 customers, the telecom giant told CBC News.
Bell said there was no indication that credit card, banking or other information was accessed.
But, it would not say when the breach took place or whether it was related to a past incident.
“We apologize to our customers and are contacting all those affected,” said Bell spokesperson Marc Choma in an email.
Bell added that it had notified appropriate government agencies including the Office of the Privacy Commissioner of Canada.
The CBC also points out that this isn’t the first time Bell Canada was breached and had customer information exposed. Last May, Bell Canada suffered another breach where hackers obtained personal information of 1.9 million customers. From the report at the time:
Bell is apologizing to its customers after 1.9 million email addresses and approximately 1,700 names and phone numbers were stolen from a company database.
The information appears to have been posted online, but the company could not confirm the leaked data was one and the same.
Bell, the country’s largest telecommunications company, attributed the incident to “an anonymous hacker,” and says it is working with the RCMP to investigate the breach.
“There is no indication that any financial, password or other sensitive personal information was accessed,” the company wrote in a statement. Bell said the incident was unrelated to the massive spike in ransomware infections that affected an estimated 200,000 computers in more than 150 countries late last week.
One important thing to note is the fact that the timeline in the latest breach wasn’t disclosed. Some companies have been known to wait months, if not years, before disclosing that customer information was exposed. For private companies, there is motivation to leave customers in the dark about the security of their personal information.
That was made clear during the Equifax data breach scandal of 2017. Equifax suffered a major data breach where 145.5 million records were compromised. One major controversial point is the fact that Equifax waited before notifying people that their information was compromised. During that time window, executives sold their shares to the company knowing that they could lose money. By November, an investigation was launched into the matter by themselves. After the investigation into themselves, they cleared themselves of any wrongdoing.
It’s incidents like this that make people in the IT and security community call for laws that say that customers or those affected must be immediately notified.
As for Bell, the fact that this is another major security incident isn’t helping their image. However, the fact that they refused to give a timeline does hurt them because it leaves one to wonder how long ago this breach actually took place. Did this happen months ago? Did this happen years ago? We don’t really know at this stage and, at this point, we are also left to wonder how reluctant are companies to come forward with this sort of thing in the first place.
what we do know is that breaches are happening and they are happening with frightening regularity. Little wonder why some people feel that everyone’s personal information are sitting in the wrong hands at this point by now.
Drew Wilson on Twitter: @icecube85 and Google+.