Bell Helicopter recently began notifying an undisclosed number of former attendees of the Bell Helicopter Training Academy that their personal information may have been accessed by an unidentified attacker.
On July 3, 2013, the company learned that some training program attendees had received spam that claimed to come from Bell, and determined that the attendees’ information had likely been obtained from a database containing past program attendees’ e-mail addresses. It’s not clear how the database may have been accessed.
The database also included some attendees’ credit card numbers, though there’s no indication at this point that any credit card numbers have been misused as a result of the breach.
“We can assure you that Bell takes the security of your personal information seriously,” Bell IT Security Director Greg Fields wrote in the notification letter [PDF]. “We are in the process of reviewing our security controls in light of this incident. After considering the results of this review, we will implement appropriate measures in an effort to prevent a recurrence.”
All those affected are being offered one free year of credit monitoring via Experian’s ProtectMyID Alert service.