Bell Subsidiary Hacked, Employee and Customer Data Stolen

Bell Technical Solutions (BTS), a subsidiary of national telecom operator Bell, fell victim to a ransomware attack that accessed some customer data, in addition to “operational” and “employee information” — reports Bleeping Computer.

BTS has more than 4,500 employees and mainly focuses on installing Bell services for residential and small business customers in Ontario and Quebec. The attack was orchestrated by the infamous Hive group on August 20, but BTS or its parent company did not disclose it.

Hive, a Ransomware-as-a-Service (RaaS) operation active since June 2021, publicized the BTS attack on its data leak blog on Thursday, September 15. The group is responsible for attacks against dozens of organizations, and that’s only if you count the victims that refused to pay the ransom and consequently had their data leaked online.

Hive claimed it encrypted BTS’ systems last month. BTS’s website is currently inaccessible, and parent company Bell previously issued a cybersecurity alert on its own website.

“We became aware that some operational company and employee information was accessed in a recent cybersecurity incident targeted at Bell Technical Solutions,” the company said.

“The unauthorized party accessed information that may include the name, address and phone number of residential and small business customers in Ontario and Québec who booked a technician visit.”

While the perpetrators may have absconded with some personal information belonging to BTS customers, Bell assured that customers’ financial information wasn’t touched.

“Bell Technical Solutions took immediate steps to secure affected systems and we want to assure you that no database containing customer information such as credit and debit card numbers, banking or other financial data was accessed in the incident.”

Hive, like many other ransomware gangs, often uses double extortion. What that means is that the group’s operators usually steal any files they consider valuable before encrypting their target’s systems to pressure them to pay the ransom under the threat of a data leak.

BTS warned customers of the possibility of being targeted in phishing attacks following the breach. The Bell subsidiary also advised customers to monitor their accounts for any suspicious activity.

“We will directly notify any individuals whose private information may have been accessed. Bell Technical Solutions operates independently from Bell on a separate IT system; other Bell customers or other Bell subsidiaries were not impacted,” the company added.

“We are pursuing our investigation and working with third-party cybersecurity experts on the matter, as well as implementing solutions to further enhance the security of our systems.”

BTS performs installation of services such as phone, internet and cable for residential and business customers in Ontario and Quebec.

Bell and its subsidiaries are no strangers to hacks. Back in 2017, Bell itself was hacked and a trove of customer information was stolen from the telco. Some cybersecurity experts branded Bell’s (and Rogers’s) networks “easy to hack” at the time.