The Hive ransomware gang claimed responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS).
BTS is an independent subsidiary with more than 4,500 employees, specializing in installing Bell services for residential and small business customers across the Ontario and Québec provinces.
While the Canadian telecommunications company didn’t reveal when its network was breached or when the attack happened, Hive claims in a new entry added to its data leak blog that it encrypted BTS’ systems almost a month ago, on August 20, 2022.
BTS’ website, usually reachable at bellsolutionstech.ca, is currently inaccessible. However, Bell Canada published a cybersecurity alert following the incident on its own website.
“We became aware that some operational company and employee information was accessed in a recent cybersecurity incident targeted at Bell Technical Solutions,” Bell said.
“The unauthorized party accessed information that may include the name, address and phone number of residential and small business customers in Ontario and Québec who booked a technician visit.
“Bell Technical Solutions took immediate steps to secure affected systems and we want to assure you that no database containing customer information such as credit and debit card numbers, banking or other financial data was accessed in the incident.”
BTS is currently investigating the incident with the help of the Royal Canadian Mounted Police’s cybercrime unit and has notified the Office of the Privacy Commissioner of the breach.
The Bell subsidiary warned customers of the possibility of being targeted in phishing attacks following this incident and advised them to monitor their accounts for any suspicious activity.
“We will directly notify any individuals whose private information may have been accessed. Bell Technical Solutions operates independently from Bell on a separate IT system; other Bell customers or other Bell subsidiaries were not impacted,” the company added.
“We are pursuing our investigation and working with third-party cybersecurity experts on the matter, as well as implementing solutions to further enhance the security of our systems.”
Hive is a Ransomware-as-a-Service (RaaS) operation that has been active since June 2021 and is behind attacks against dozens of organizations, counting only those victims who had their data leaked online after refusing to pay the ransom.
The Federal Bureau of Investigation (FBI) released some indicators of compromise and technical details associated with Hive ransomware attacks in August 2021.
The FBI said that, like many other ransomware gangs that use double extortion, Hive operators would also steal any files they consider valuable before encryption to pressure their victims into paying the ransom under the threat of a data leak.
Due to an ongoing investigation, Bell Senior Communications Manager Jacqueline Michelis didn’t provide more details when asked to confirm Hive’s claims.
The shared statement rehashed the main points of the alert, saying that the compromised servers contained “operational company and employee information” and that no customer financial data was accessed during the incident.
H/T Dominic Alvieri