Canadian telecommunications services provider Freedom Mobile has disclosed a fresh data breach impacting the personal information of a “limited number of customers”.
The incident, the company says, was identified on October 23, and was the result of credential compromise.
Specifically, a threat actor gained access to a subcontractor’s account and used it to log in to Freedom Mobile’s customer account management platform.
“We quickly identified the incident and implemented corrective measures and security enhancements, including blocking the suspicious accounts and corresponding IP addresses,” the company says in an incident notice.
Personal information compromised in the Freedom Mobile data breach includes names, addresses, phone numbers, dates of birth, and customer account numbers.
“Although we have no reason to believe that this information was misused, we encourage you to follow best practices to protect your data,” the wireless carrier’s notice reads.
Freedom Mobile has not shared information on the attackers, nor did it say how many customers might have been affected.
The fourth-largest telecoms provider in Canada following the 2023 acquisition by Quebecor subsidiary Vidéotron, the company has over 3.5 million subscribers.
SecurityWeek has emailed Freedom Mobile for additional information on the incident.
“Our investigation allowed us to conclude with certainty that this is not a ransomware type of incident. A third party used the account of a subcontractor and gained access to the personal information of a limited number of our customers. We quickly identified the incident and implemented corrective measures and security enhancements. Freedom Mobile’s network was not affected, and neither were our operations,” Freedom Mobile told SecurityWeek.
This is not the first Freedom Mobile data breach to become public. In 2019, the company confirmed that customer personal information was exposed after a third-party service provider failed to secure an internet-accessible database.
While initial reports claimed that over 1.5 million people were impacted by the incident, Freedom Mobile downplayed the impact, saying that only 15,000 customers were affected.
*Updated with statement from Freedom Mobile.
Related: Asahi Data Breach Impacts 2 Million Individuals
Related: Spanish Airline Iberia Notifies Customers of Data Breach
Related: 146,000 Impacted by Delta Dental of Virginia Data Breach
Related: Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack
