Hacker group demands $50,000 ransom from Bell for stolen customer data

Bell building logo

Two hackers have anonymously come forward to claim responsibility for the recent Bell customer data theft.

In an interview with CBC News conducted over encrypted chat, an individual that uses the handle ‘exodus’ says they, along with their partner, sent a ransom email demanding the equivalent of $50,000 USD in bitcoins to Bell on May 5th.

That same individual went on to claim that they still had access to Bell’s systems even after the initial leak was revealed. In that time, the pair says they were able to obtain “all passwords for Bell customers,” in addition to the 1.9 million email address and approximately 1,700 names and phone numbers that were stolen from the company in the initial data breech.

Bell continues to claim that it has “no indication any financial, password or other sensitive personal information was accessed,” a fact exodus disputes. “It could have been much worse for them,” said exodus to the CBC’s Matt Braga. “We were literally inside Bell’s networks with access to everything.”

For what it’s worth, the pair were unable to provide the CBC with any evidence to support their claims.

Moreover, when asked to comment on exodus’s claims, Marc Choma, Bell’s director of communications, declined. In an earlier interview with Reuters, Choma said Bell had not responded to a ransom notice the company had received.

The pair gave Bell 14 days to comply with its demands. In exchange, they promised to provide “video and cryptographical” evidence that the data was “securely deleted.” “They really don’t care about their customers,” exodus told the CBC.

According to an earlier article from The Globe and Mail, the RCMP’s cyber crimes unit is looking into the data breach, a fact exodus didn’t seem worried about. “… we have owned them,” they said.