Bell says in a release the breach of usernames and passwords occurred when an Ottawa-based third-party supplier had its systems hacked, and the information posted to the Internet this weekend.
A hacking group calling itself Nullcrew is claiming credit for the attack, and tweeted a link to the data early Saturday.
Bell says five valid credit card numbers were included in the information dump.
The telecom giant says the affected account passwords have been frozen, and that it is contacting impacted customers and credit card companies.
Bell says its own systems were not hacked, and that its residential, mobility and enterprise customers are not affected.
The company says it is working with the unidentified third-party supplier along with "law enforcement and government security officials" to investigate the attack.
Twitter postings by the Nullcrew account suggest the supplier's network may have been compromised nearly three weeks ago.
"Successful day hacking Internet service providers is successful," the group tweeted Jan. 14.
Bell (TSX:BCE) spokesman Paolo Pasquini did not say when the company became aware of the attack, saying in an email only that Bell has been "contacting clients this weekend."
Pasquini added that the supplier "provided an ordering application for some small business services." He did not address a query on whether the compromised information had been encrypted.
Also on HuffPost