Canadian Telecom Firm Freedom Mobile Exposed Customer Details

Freedom Mobile, Canada’s fourth largest mobile network operator, through a third-party service provider, exposed the details of many customers, including their payment card data.

vpnMentor reported on Tuesday that its researchers had identified an unprotected database storing information on Freedom Mobile customers, including email addresses, phone numbers, home addresses, dates of birth, IP addresses associated with payment methods, credit scores (from Equifax and other companies), unencrypted payment card data with CVV codes, locations and other customer service records, and account details.

vpnMentor claimed the unprotected database stored at least 5 million records associated with as many as 1.5 million users, which is roughly Freedom Mobile’s total number of customers.

However, Freedom Mobile, which is owned by Shaw Communications, said the number is inaccurate. Its investigation revealed that the database stored the details of only 15,000 customers who had opened or made any changes to their accounts at 17 Freedom Mobile retail locations between March 25 and April 16.

“Any reference to 1.5 million customers affected is inaccurate – the researchers could be referencing the number of lines of data exposed but it is certainly not a reference to the number of customers affected. If it is a reference to the number of lines of data, it’s worth noting that some customer records could have hundreds or thousands of lines of data, including substantial amounts that do not include any personal information,” a Freedom Mobile spokesperson told SecurityWeek.

“We are also seeing data from test accounts, which is to be expected given the new status of the vendor, and data from people who came to stores and applied for service but didn’t complete a transaction,” the company added.

Freedom Mobile blamed the incident on Apptium Technologies, a company recently contracted to help streamline its retail customer support processes.

The existence of the unprotected database was reported to the telecom firm on April 18 and the issue was addressed on April 23. The company said it took action after verifying the “legitimacy of the researchers’ emails.”

Freedom Mobile’s investigation, whose goal is to determine the full scope of the incident, is ongoing. The company claims to have notified the Office of the Privacy Commissioner of Canada (OPC).

vpnMentor recently also identified unprotected databases storing the details of customers of Chinese e-commerce company Gearbest and roughly 80 million households in the United States.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
