Canada's Bell says it ignored hackers payment demands, some info leaked

FILE PHOTO: Daniel Therrien, the nominee to be Canada's Privacy Commissioner, arrives to testify at the Commons access to information, privacy and ethics committee on Parliament Hill in Ottawa June 3, 2014. REUTERS/Chris Wattie

TORONTO (Reuters) - A hacker who stole almost two million customer email addresses from Canada's largest telecommunications company sought payment from BCE Inc's BCE.TO Bell Canada before posting some of the data online, a company spokesman said.

“A demand for payment was made by the hacker, but it was not paid,” Bell spokesman Marc Choma said via email on Tuesday. “We did not reply to their demand.”

The company publicly disclosed the breach late on Monday, saying it exposed about 1.9 million customer email addresses and some 1,700 names and active phone numbers.

The hacker dumped a cache of documents online, including thousands of email addresses and what appeared to be logs of customer service interactions.

The hacker warned that more information would be made public if Bell did not “cooperate”.

“We are waiting for a fuller report sometime today,” Canadian Privacy Commissioner Daniel Therrien told Reuters in a telephone interview on Tuesday, when asked if Bell Canada had followed proper procedures in responding to the cyber attack.

The cyber crime unit of the Royal Canadian Mounted Police is investigating the breach, according to Bell.

Bell said the breach was not connected to the WannaCry “ransomware” attacks that have spread across the globe since Friday and that there were no indications that any financial, password or other sensitive personal information was accessed.

BCE shares fell 0.8 percent to C$60.71 on Tuesday, while the broader index fell 0.6 percent.

Reporting by Alastair Sharp in Toronto; Editing by Jim Finkle and Bill Rigby