Bell, Canada’s largest telecom company, has alerted customers to a data breach — its second known breach in the past eight months.
The breach affected fewer than 100,000 customers, Bell told CBC News, though a more specific estimate wasn’t given. Bell has more than 22 million customers in Canada.
In May 2017, Bell acknowledged that 1.9 million of its customers had their email addresses stolen by an “anonymous hacker.” The hacker also got about 1,700 names and phone numbers from a customer database, the CBC reported.
Information leaked in this latest breach appears to be a bit more detailed, including names, email addresses, account user names and numbers, and phone numbers. Bell said no banking or credit card information was accessed in the breach.
Bell Canada confirms data breach, says hackers accessed customer information including names, email addresses and in some cases phone numbers and user names. Credit cards not thought to be affected. pic.twitter.com/vbGyLCNstW
— CBC News Alerts (@CBCAlerts) January 23, 2018
The alleged hacker from the previous breach previously threatened the company, writing in an online post: “Bell, if you don’t cooperate more will leak :)” Bell hasn’t said when this latest breach actually took place, or if it had any relation to a past incident.
Bell has apparently notified customers of its own accord, as only one Canadian province — Alberta — has mandatory requirements that would force private sector companies to notify customers in the event of a data breach. The Canadian federal government is looking into changes that could force companies to do more in these situations.
[For more details on what you should do if your bank account or credit card has been breached, read our latest blog post.]
U.S. Breach Bills
As widespread data breaches become a more frequent and prevalent part of everyday life, the U.S. government is also considering ways to make companies more responsible. One proposed bill would force credit reporting bureaus — such as Equifax — to pay “massive and mandatory fines” in the event of a breach. This bill would actually put some money back into consumers’ pockets, as well.
Another bill, the Data Security and Breach Notification Act, would require companies to report data breaches within 30 days. A number of states are considering their own bills and resolutions, as well.