hiveleak attacks Bell Technical Solutions Inc

Incident Date:

September 15, 2022

World map

Overview

Title

hiveleak attacks Bell Technical Solutions Inc

Victim

Bell Technical Solutions Inc

Attacker

Hiveleak

Location

Etobicoke, Canada

Ontario, Canada

First Reported

September 15, 2022

Bell Technical Solutions Inc. Suffers Ransomware Attack by HiveLeak Group

Overview of the Incident

Bell Technical Solutions Inc., a subsidiary of Bell Canada, has recently fallen victim to a ransomware attack orchestrated by the HiveLeak group. Despite the attack, the company's website remains operational. Specializing in the installation of various Bell services, Bell Technical Solutions plays a crucial role in the Telecommunications sector and employs over 4,500 individuals.

The cyberattack, which took place on August 20, 2022, led to unauthorized access to operational company and employee information. This breach potentially compromised the personal details of residential and small business customers in Ontario and Québec who had scheduled a technician visit. In response, Bell Technical Solutions has taken prompt measures to secure the compromised systems and has confirmed that no databases containing sensitive customer financial information were accessed during the incident.

Response and Investigation

In the wake of the attack, Bell Technical Solutions is actively working with the Royal Canadian Mounted Police's cybercrime unit to investigate the breach. The company has also reported the incident to the Office of the Privacy Commissioner. It is important to note that Bell Technical Solutions operates on a separate IT system from Bell Canada, ensuring that other Bell customers and subsidiaries remain unaffected by this breach.

HiveLeak, the group behind this ransomware attack, is notorious for its aggressive cybercriminal activities, particularly against the U.S. healthcare sector. Employing double extortion tactics, HiveLeak steals valuable files before encrypting them, leveraging this theft to demand ransom from its victims. The group has been active since June 2021 and has been responsible for a significant number of attacks in recent times.

Implications and Precautions

Following the incident, Bell Technical Solutions has issued warnings to its customers about the potential risk of phishing attacks. The company is also in the process of notifying individuals whose private information may have been compromised. To further strengthen its cybersecurity posture, Bell Technical Solutions is collaborating with third-party cybersecurity experts.

This incident underscores the critical need for robust cybersecurity measures within the telecommunications sector, which often handles sensitive customer data. Companies must stay vigilant and invest in advanced security solutions to safeguard their systems and data against the continually evolving cyber threat landscape.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.