The Hive ransomware gang – one of the most active ransomware groups this year – has claimed responsibility for an attack that crippled the systems of Bell Technical Solutions (BTS), a subsidiary of telecom company Bell Canada.
BTS specializes in installing Bell services for residential and small business customers in Ontario and Quebec; the company has over 4,500 employees. The company’s website is currently down, but Bell Canada has issued an alert on its website warning consumers what had happened.
"We became aware that some operational company and employee information was accessed in a recent cybersecurity incident targeted at Bell Technical Solutions," Bell Canada explained.
"The unauthorized party accessed information that may include the name, address and phone number of residential and small business customers in Ontario and Québec who booked a technician visit,” the telecom continued, adding that BTS “took immediate steps to secure affected systems.”
Bell Canada also gave assurances that no database containing customer information – such as credit and debit card numbers, banking or other financial data – was accessed by the perpetrators.
"We will directly notify any individuals whose private information may have been accessed. Bell Technical Solutions operates independently from Bell on a separate IT system; other Bell customers or other Bell subsidiaries were not impacted," said Bell Canada.
Although neither BTS nor Bell Canada would reveal when the cyberattack occurred, or when the network was breached, BleepingComputer reported that the Hive ransomware group claimed on its data leak log that it had encrypted BTS’ systems on August 20, 2022.
BTS is working with the RCMP’s cybercrime unit on investigating the breach. The company has also notified the Office of the Privacy Commissioner of the incident.
Just last month, Bombardier Recreational Products – manufacturer of the Ski-Doo line of snowmobiles – also found itself in a quandary after the RansomEXX ransomware claimed to have uploaded nearly 30 GB of stolen data from the manufacturer. BRP had also previously suffered an encryption attack, during which the attackers copied off data from the company’s systems.