Bell Canada alerts customers after data breach

Bell Canada is alerting customersafter hackers illegally accessed the informationoffewer than100,000 customers,the telecom giant told CBCNews.

The breach comes just eight months after 1.9 million customer emails werestolen from Bell's database by an anonymous hacker.

Bell is Canada's largest telecom company, with over 22 million customers.

The information obtained in the latest breach included details such asnames, email addresses, account usernames and numbers,as well as phone numbers.

Bell said there was no indication that credit card, banking or other information was accessed.

But, it wouldnot say when the breach took placeor whether it was related to a past incident.

"We apologize to our customers and are contacting all those affected," said Bell spokesperson Marc Chomain an email.

Bell added that it had notified appropriate government agencies including the Office of the Privacy Commissioner of Canada.

"Bell works closely with law enforcement, government and the broader technology industry to combat the growth of cybercrimes, and we have successfully supported law enforcement in past prosecutions of hackers," Chomasaid.

Ongoing investigation

TobiCohen, a spokesperson for the Office of the Privacy Commissioner, confirmed in an email that Bell had notified itof the breach and that it isfollowing up with the company to get more information and "determine follow up actions."

TheRCMPis also investigating.

Chester Wisniewski, an expert at the datasecurity firmSophos Canada, said the breach did make customers more likely to be victimized by potential phishing attacks; as seen inother big breaches like those atLinkedInand Ashley Madison.

"When you see email addresses leaked, that's a really good thing for spammers and phishing attacks through email, because they know that if you're in Bell's database, youlikely to have some sort of commercial relationship with Bell," he said.

"So, they can send you one of those fake emails saying, 'Hey your cell phone bill is due, click here to login.'"

Wisniewskiadded that Bell was under nolegal obligation to notify customers of the breach, becausestolen email addresses arenot considered personally identifiable such as a driver's licence or social insurance number.

"A lot of times when companieslose this kind of information, they don't even tell you," he said."The good thing about them telling us is to put us on alert for those types of things now."

A person or group claimingto be behind the attack against Bell in May warned in an online post that more data would be leaked if Bell did not co-operate.