Travel kept me from providing some thoughts on the theft of customer data that Bell revealed on Tuesday.
The Globe and Mail reports that the privacy commissioner is now going to look into various aspects of the data loss. Bell has not been completely forthright with exactly what information fell into the wrong hands or in what form (digital or paper) that theft took place.
While Bell says that it is notifying the affected customers who had non-published numbers, the company hasn’t said whether or not it plans to notify the remaining 95% of the 3.4M affected subscribers about what information was stolen. Bell says
No information relating to personal identification numbers, customer credit, credit card numbers, reference checks, billing or long-distance calling details were included in the stolen material.
However, Bell says that it was more information than is found in the phone book:
The customer information recovered in the investigation includes name, address, telephone number and list of Bell services.
There is no mention of exactly what details were in the “list of Bell services.” For example, did the thief get a list of cell phone numbers? Did they find out who subscribes to a Bell security service? A Bell long distance plan with special rates to certain countries? Details about the TV channels that are in subscribers’ Expressvu package? Information about who gets the adult channels? Did they learn about combinations of services that might be indicators that there are children in the home? Or disabled? Or snowbirds who leave their home vacant for months.
Besides the invasion of privacy, all of this information can be used to assist in social engineering fraud or help criminals in targeting vulnerable households.
Bell’s customers deserve to hear the specifics of whether they were part of the affected group and to learn exactly what information was released.
Technorati Tags:
Bell, social engineering