Canada’s fourth-largest telco Freedom Mobile has suffered a major data breach but the full extent of the attack is not yet known. Freedom Mobile claims that only about 15,000 users were affected but researchers Noam Rotem and Ran Locar from vpnMentor said they were able to access a “totally unprotected and unencrypted” database that listed the contact details, credit card numbers, security codes, and dates of birth of about 1.5 million Freedom Mobile customers.
Read the full report here.
Charlie Osborne filed this report in ZDNet:
The leak was discovered on April 17, 2019. After attempting to contact the telecommunications giant multiple times, Rotem and Locar received a response on April 24 and the leak was plugged on the same day.
VpnMentor’s researchers say that up to 1.5 million active Freedom Mobile users may have been impacted by the breach and they had full access to over five million records — but as an ethical sticking point the team did not download the database, and so it is not known exactly how many individuals were involved.
Calgary-based Freedom Mobile has hit back against this estimate and claims that the 1.5 million figure is “inaccurate.” Instead, the telco says that only 15,000 customers were affected.
The company claims that customers at 17 retail stores who recently opened or changed account information were involved, according to the Globe and Mail, and the incident occurred due to a new third-party company, Apptium Technologies, which was recently brought in to streamline retail systems.
Freedom Mobile said that there is no evidence that the leaked data has been abused, nor have the firm’s internal systems been compromised in any way.
