Bell Customer Data Leak Highlights Need For More Attention On Cyber Security and Data Privacy18 May 2017
Bell, one of Canada’s largest internet providing monopolies, was hacked and had their client information stolen and posted to the Internet on Monday. I have obtained a preliminary list of customers who are effected (which contains over 1.5 million email addresses) and verified a few to ensure the data is real (Bell has since released an apology to the affected customers, also confirming the data).
At a not-small-cost to the Pirate Party we have decided to send an email to each person affected by this breach and let them know their email address and data are now publicly available. Furthermore, there is no telling what additional data (Bandwidth usage records are already available as are internal usernames and passwords) was taken by the hackers including Credit Card information, Pay Per View, customer notes, address information, phone numbers, and account passwords are all items that attackers may (and likely) have access to and could post publicly.
We always advise people to use different passwords for different services, if you are using the same password for any service that’s the same as your Bell password you should change it. If your security question for your banking is the same as your Bell security question, you should change it. If you have a credit card on file with Bell you should consider having it reissued with a new number.
This is a great highlight on why corporations should limit the data they store on their users. When I worked at Shaw, there was a case where a coworker once showed me the account of an ex premier of BC who had adult movies in their Pay-Per-View list, something Shaw keeps indefinitely on their servers. Over the course of my job I encountered a popular Vancouver MP who had their bank information written down in the comments of their account. Their account was closed at that point but Shaw kept the records and that information would be publicly visible if they were ever hacked.
Canada needs stronger data privacy laws to ensure your data, like the information listed above, isn’t inadvertently made public. We also need stronger emphasis on cyber security, it’s a point of pride in our country to defend our relatively safe Northern borders, but what our money should be going into is protecting and bolstering our internet infrastructure that every Canadian relies on every day.
– Travis McCrea