A massive data breach was disclosed by Bell Canada, who admitted that hackers infiltrated its systems and stole 1.9 million email addresses and about 1,700 names and active phone numbers of its customers.
The company refused to share more details regarding the stolen information, such as where it was stored and how the attackers managed to access it. Bell Canada has its reasons, however, as the Royal Canadian Mounted Police cyber crime unit is investigating the issues, which makes disclosing more details illegal.
The company did mention that there is no indication that users' financial information was accessed. Furthermore, passwords and other sensitive data were also safe during the breach.
While the breach isn't exactly extensive in terms of the information that was stolen by hackers, it's still a risk to customers. More specifically, people should be careful about the emails they get since phishing messages are quite likely to be coming.
The company notes that it will never ask customers for credit card or other personal information by email. Furthermore, customers should be cautious of unsolicited or suspicious communications asking for personal information or that refer them to websites that may ask for personal information. They should also avoid clicking on links or downloading attachment from emails coming from sources they don't know about.
Lastly, it would be a good idea to change your passwords and security questions if you're a Bell Canada customer, although that advice is good for everyone.
Reports from The Globe indicate that the hackers responsible of the breach are threatening to release more of the stolen data if the telco doesn't co-operate with them. Under the circumstances, it's quite likely that they're being asked for money in exchange of the hackers holding on to the data.
CyberSecurity Law Introduction 网络安全法宣传视频系列
The company has known about the breach for about a week, during which time it notified the commissioner's office and assessed the damages.