Bell Canada (NYSE: BCE) said that 22,421 user names and passwords and five credit card numbers of its small business customers were illegally posted on the Internet over the weekend.
The information was posted after a group of hackers got access to a third-party supplier's information system. SMB customers that reside in Quebec and Ontario were affected by the breach.
A report in Canada.com revealed that Nullcrew, a hacking group, said in a Twitter post that it carried out the attack. The report cites the website Have I Been Pwned, which said that 40,000 customer records were actually affected by the breach.
"The supplier provided an ordering application for some small-business services," said Jean Charles Robillard, a Bell spokesman, in an e-mail to Bloomberg. While Robillard would not name the provider, he said it was not an Internet Service Provider.
Bell said in a prepared statement that it contacted SMBs that were affected by the breach, disabled all affected passwords and informed the credit card companies.
The service provider added that it is working with the supplier and local law enforcement and government security officials. According to the company, none of its network and IT systems were impacted and the incident did not affect Bell residential, mobility or enterprise business customers.
- see the release
- Bloomberg has this article
Bell Canada spends $147M to bring Fibe TV service to Ottawa
Canada's CRTC denies BCE, Bell Aliant's payphone rate increase
Bell Canada wraps up Astral Media deal, outlines leadership team
Bell Canada, Astral extend $3.4 billion acquisition deadline to July 31