Article content continued

In an email sent Tuesday to customers affected by the breach, Bell’s executive vice president of customer experience John Watson said additional security authentication and identification requirements were placed on their accounts.

He recommended customers change passwords and security questions frequently and regularly review accounts for suspicious activity.

“The protection of customer and corporate information is of primary importance to Bell,” Watson wrote.

Bell did not immediately answer questions about when the hack occurred or when it discovered the breach.

Bell informed government agencies of the hack including the Office of the Privacy Commissioner, which confirmed it was notified of the breach on Tuesday.

“We are following up with Bell to obtain information regarding what took place and what they are doing to mitigate the situation, and to determine follow up actions,” privacy commissioner spokeswoman Tobi Cohen said in an email.

It would not provide further details citing confidentially rules in the Personal Information Protection and Electronic Documents Act (PIPEDA).

But the office does outline key steps to respond to privacy breaches. It recommends that businesses immediately contain the breach and notify police if the breach if it appears to involve theft or other criminal activity.

The next step is to evaluate the scale of the breach and the sensitivity of the information accessed. It then recommends notifying individuals if there is a risk of identity theft, financial loss or other harm so the person can take steps to mitigate risk, such as changing their passwords.