Freedom Mobile data breach exposes 15,000 Canadian’s credit details
Canada’s fourth-largest wireless communications provider, Freedom Mobile (formerly Wind Mobile), has said that 15,000 accounts were breached earlier this year, and the company will be notifying customers of any accounts affected. They said the breach began on March 17th and they secured it on April 23rd.
The company were reported to have had no idea their systems were hacked until security firm, vpnMentor, notified them of the data breach. vpnMentor said they had informed Freedom Mobile multiple times, but had received no response. Under Canadian PIPEDA law, organizations that have their information hacked or breached must notify federal privacy commissioner’s office as soon as possible after the breach.
The security firm, vpnMentor, reported in their blog that Freedom Mobile’s customer database was just sitting there for anyone to download.
The blog states: “Our team discovered 5 million unencrypted records, but for ethical reasons, did not download the database so cannot provide exact numbers. The company has since claimed that “only” 15,000 records were exposed. The database was totally unprotected and unencrypted. The data includes credit card and CVV numbers”.
The personal data of customers exposed, includes: email address, home and mobile phone number, home addresses, date of birth, customer type, IP address connected to payment method, unencrypted credit card and CVV numbers, credit score responses from Equifax and other corporations, with reasons for acceptance/rejection.
vpnMentor said they could also access account numbers, subscription dates, billing cycle dates, and customer service records, including locations. Some of the exposed entries also included data from an Equifax database. This included information on credit scores, credit class, and credit card accounts.
vpnMentor claimed it could access at least 5 million unprotected records, further stating that: “Freedom Mobile has at least 1.5 million subscribers, and its parent company is owned by Shaw Communications which has more than 3.2 million customers across Canada. This may the largest breach experienced by a Canadian company”.