BCE Inc.’s Bell Canada unit said the user names and passwords of 22,421 of its small-business customers were posted illegally on the Internet this weekend, along with five valid credit-card numbers.
The private information was disclosed after a hacker gained access to the systems of a third-party technology supplier in Ottawa used by Montreal-based Bell, the company said. The customers were in Quebec and Ontario, according to Bell.
“The supplier provided an ordering application for some small-business services,” said Jean Charles Robillard, a Bell spokesman, in an e-mailed response to questions. He declined to name the provider, though said it wasn’t an Internet-service provider. “It impacts our customers, so it’s our issue.”
Bell contacted its customers, disabled all affected passwords and informed the related credit-card companies, according to a statement.
Bell said it’s working with suppliers, law enforcement and government security officials to investigate. The company’s network and systems aren’t affected and the hacking didn’t harm residential, mobility or enterprise business customers, according to Bell, Canada’s second-largest wireless carrier.
The Canadian Press earlier today reported that a hacking group called Nullcrew claimed credit for the attack in a Twitter post that included a link to the data.