TORONTO—The RCMP has launched an investigation into a data breach at Bell Canada that appears to have compromised customer names and email addresses, but no credit card or banking information.
Bell Canada spokesperson Nathan Gibson told The Canadian Press that “fewer than 100,000 customers were affected.”
RCMP spokesperson Stephanie Dumoulin, at the police force’s national division in Ottawa, and the Office of the Privacy Commissioner said they couldn’t disclose details.
ARTICLE CONTINUES BELOW
ARTICLE CONTINUES BELOW
“We are following up with Bell to obtain information regarding what took place and what they are doing to mitigate the situation, and to determine follow up actions,” said the federal privacy watchdog’s spokesperson Tobi Cohen.
Bell Canada has alerted customers who were affected and also informed them that additional security, authentication and identification requirements have been implemented.
“When discussing your account with our service representatives, you will be asked for this additional information to verify your identity,” its emailed notice to customers said.
Katy Anderson, a Calgary-based digital rights advocate with OpenMedia, said she’s glad Bell is implementing additional security checks.
“However, this is the second time the company has been hit by hackers in eight months,” Anderson said in a phone interview.
Bell Canada revealed in May that an anonymous hacker had obtained access to about 1.9 million active email addresses and about 1,700 customer names and active phone numbers.
Anderson said the public should realize that centralized data is vulnerable, by its nature.
ARTICLE CONTINUES BELOW
“When a breach like this happens, which we’re seeing more and more, it’s always a good reminder to change your passwords, update your security questions with things only you would know, and consider using a password manager,” Anderson said
The federal government is in the process of reviewing changes to the Personal Information Protection and Electronic Documents Act that would require companies to notify people in the event of a serious data breach.
But until those come into force, Alberta is the only province in Canada that has mandatory reporting requirements for private-sector companies.
Anyone can read Conversations, but to contribute, you should be a registered Torstar account holder. If you do not yet have a Torstar account, you can create one now (it is free).
To join the conversation set a first and last name in your user profile.
Anyone can read Conversations, but to contribute, you should be a registered Torstar account holder. If you do not yet have a Torstar account, you can create one now (it is free).
To join the conversation set a first and last name in your user profile.
Sign in or register for free to join the Conversation