Bell Canada alerted some customers on Tuesday that their information has been illegally accessed in a data breach that appears to have compromised names and email address but no credit card or banking information.
An emailed warning to consumers issued by John Watson, a Bell Canada executive vice-president, didn’t say how many Bell customers were affected.
In an email to Global News, the company said “fewer than 100,000” customers have been impacted.
The federal Office of the Privacy Commissioner said it had been notified Tuesday of a breach, but that the law limits how much it can reveal at this time.
“We are following up with Bell to obtain information regarding what took place and what they are doing to mitigate the situation, and to determine follow up actions,” it said in an email to The Canadian Press.
WATCH: Video coverage of past data breaches
A Bell Canada executive vice-president, John Watson, apologized on behalf of the company.
Watson also says additional security, authentication and identification requirements have been implemented.
Bell’s notice to customers said additional security, authentication and identification requirements have been implemented.
“When discussing your account with our service representatives, you will be asked for this additional information to verify your identity,” Watson’s email said.
However, the Montreal-based company – Canada’s largest phone company and one of the country’s largest media companies – didn’t provide details on when the breach occurred or if it was related to any other hack.
The announcement comes eight months after Bell Canada revealed that an anonymous hacker had obtained some customers’ names and telephone numbers as well as email addresses.
That hack included approximately 1.9 million active email addresses and approximately 1,700 customer names and active phone numbers.
LISTEN: Does changing passwords protect you from data breaches? Cyber security expert David Shipley weighs in
The latest data breach at Bell also follows several other high profile hacks at companies that have affected Canadians in recent months, including at credit monitoring company Equifax and car-hailing service Uber, though those companies did not immediately disclose the breaches.
Meanwhile, the government is in the process of reviewing changes to the Personal Information Protection and Electronic Documents Act that would require companies to notify people in the event of a serious data breach.
But until those come into force, Alberta is the only province in Canada that has mandatory reporting requirements for private-sector companies.