Just a few weeks after announcing it intends to expand by deploying carrier plans for 5G networks, Canadian telecom company Freedom Mobile has fallen victim to a data breach, leaking 5 million unencrypted records online.
As confirmed by the carrier, the breach affected personal and financial data of 1,500 customers, fewer than the initial 1.5 million estimated in media by researchers, according to CBC.
“Any reference to 1.5
million customers affected is inaccurate,” said Freedom Mobile.
The customer database was apparently
kept on a server that was not password-protected, although it contained
sensitive information such as email, phone number, address, date of birth,
credit score responses and unencrypted credit card and CVV numbers. This
affected customers who made account changes at 17 retail stores.
The investigation revealed the
breach affected customers between Mach 25 and approximately April 17, when it
was detected. The researchers who detected the breach informed Freedom Mobile,
but received no immediate answer. When the carrier replied on April 23, the
situation had already been fixed and the database secured. Arguing that they
needed more time to determine whether the breach was real, they had chosen to
postpone acknowledging the leak.
Freedom Mobile is conducting a forensic investigation to determine the impact of the incident and claims there is no evidence to suggest the leaked data was used for illegal activities. The telecom company says the unsecured database was stored on a “misconfigured server managed by Apptium Technologies,” a third-party vendor they collaborate with.