Freedom Mobile data breach impacts thousands of customers
Freedom Mobile, a major Canadian telecommunications provider, has revealed a data breach which may have exposed sensitive information belonging to thousands of customers.
On Tuesday, cybersecurity researchers Noam Rotem and Ran Locar from vpnMentor said they were able to access a database belonging to Canada’s fourth-largest telco, which was “totally unprotected and unencrypted.”
The database contained the email addresses of customers, phone and mobile numbers, home addresses, dates of birth, customer types, and IP addresses linked to payment methods.
In addition, the researchers say that unencrypted financial data was exposed, including credit card numbers and security codes (CVV numbers), alongside credit score responses from Equifax and other credit monitoring services.
Freedom Mobile account numbers, subscription dates, billing cycle dates, and customer service records could also be accessed.
“These records seem to reflect any action taken within a user account, allowing for multiple entries per customer,” the researchers say.
The leak was discovered on April 17, 2019. After attempting to contact the telecommunications giant multiple times, Rotem and Locar received a response on April 24 and the leak was plugged on the same day.
VpnMentor’s researchers say that up to 1.5 million active Freedom Mobile users may have been impacted by the breach and that they had full access to over five million records. However, on ethical grounds the team did not download the database, so it is not known exactly how many individuals were involved.
Calgary-based Freedom Mobile has hit back against this estimate and claims that the 1.5 million figure is “inaccurate.” Instead, the telco says that only 15,000 customers were affected.
The company claims that the customers involved were those who recently opened accounts or changed account information at 17 retail stores, according to the Globe and Mail, and that the incident stemmed from a new third-party company, Apptium Technologies, which was recently brought in to streamline retail systems.
Freedom Mobile said that there is no evidence that the leaked data has been abused, nor have the firm’s internal systems been compromised in any way.
This is not the only high-profile data breach which has been disclosed this week. In related news, Binance, one of the most popular cryptocurrency trading platforms worldwide, revealed a “large-scale security breach” which has led to the theft of over 7,000 Bitcoin (BTC), which equates to roughly $41 million. Binance intends to absorb the theft so customers are not impacted.
ZDNet has reached out to Freedom Mobile with additional queries and will update if we hear back.