Bell, the largest telecommunications firm in Canada, has admitted that anonymous hackers were able to illegally steal approximately 1.9 million active email addresses and approximately 1,700 names and active phone numbers from its computer systems.
In a statement this week, published on 15 May, the firm said: "There is no indication that any financial, password or other sensitive personal information was accessed. This incident is not connected to the recent global "WannaCry" malware attacks.
"We apologise to Bell customers for this situation and are contacting those affected directly.
"Bell took immediate steps to secure affected systems. The company has been working closely with the Royal Canadian Mounted Police (RCMP) cybercrime unit in its investigation and has informed the Office of the Privacy Commissioner."
The company said there is "minimal risk" for those impacted by the massive breach.
It claimed (against the standard advice of cybersecurity experts) that it is "good practice" for its customers to change their passwords and security questions frequently.
On the security page of its website, Bell stressed to concerned that users it will "never ask customers for credit card or personal information via email" and urged everyone to "be cautious of unsolicited or suspicious communications asking for any personal information."
Bell is Canada's largest communications firm, providing both consumers and businesses with television, internet, home phone and business communications services.
On PasteBin, the hackers posted a statement and a link to the directory of names, addresses and phone numbers. Based on the post, it appears Bell Canada refused to pay a ransom demand to the cybercriminals, however this remains unconfirmed at the time of writing.
The hackers stated: "We are releasing a significant portion of Bell's data due to the fact that they have failed to cooperate with us. This shows how Bell doesn't care for its customer's safety and they could have avoided this public announcement. Bell, if you don't cooperate more will leak."
IBTimes UK has contacted Bell's media team to ask for further clarification about any conversations the company had with the hackers, if security has been bulked up and if any of the hackers' demands were met. We had received no response at the time of writing.
Troy Hunt, a cybersecurity expert and administrator of breach notification service Have I Been Pwned? has, according to his Twitter account, loaded in the compromised email addresses into the platform so users are able to check if they are impacted by the leak.
While the official Bell statement said 1.9 million emails had been accessed, Hunt claimed the trove contained 2.2m in total. "Early feedback from people is that it's legitimate," he tweeted.