Bell Says Hackers Leaked Data from Over 22,000 Small Business Customers

Bell this morning issued a press release to address a hacking attempt which affected 22,421 small business customers, as their login names and passwords were leaked to the web along with 5 valid credit card numbers, the result of an Ottawa-based third party supplier’s IT system being compromised.

Bell says it has disabled all affected passwords and is working with its supplier, law enforcement agencies and government security personnel to address the matter.

CTV News says a hacking group known as NullCrew is claiming responsibility for the attack. On January 31, the group sent out the following tweet on Twitter:

Re-tweet for a rather large leak on a Canadian ISP. #NullCrew and it begins!

A Bell spokesman told CTV News they have been contacting clients over the weekend did not specify when the attack was known to the company. NullCrew on January 14 tweeted “Successful day hacking internet service providers is successful.”

When a Twitter user informed NullCrew about Bell’s response the hack was related to a third party supplier, the hacking group responded by saying “Quite a laughable claim, Bell actually knows of the breach, they knew the vulnerable section of the website for two weeks.”

Bell emphasized its own network and IT systems were not affected and residential, mobility and enterprise business customers were not impacted.