On Tuesday, May 7th, 2019, Freedom Mobile confirmed that it incurred a data breach between March 25th to April 16 that affected approximately 15,000 of its customers. This was a result of a misconfigured server that’s managed by one of their new third-party service providers, Apptium.
This confirmation, however, is different than what was reported on vpnMentor.com which claimed that the breach actually exposed the personal data of up to 5 million users, 1.5 million which are currently active with Freedom Mobile. This was discovered by two of vpnMentor’s hactivists.
“Our team discovered 5 million unencrypted records, but for ethical reasons, did not download the database so cannot provide exact numbers.” – vpnMentor
The blog also says the unencrypted personal data includes the following:
- Email addresses
- Phone numbers
- Home addresses
- Date of births
- IP addresses (linked to payment method)
- Credit card and CVV numbers
- Responses from Equifax and other credit reporting agencies
In response to this, Freedom Mobile issued a statement to Daily Hive to shut down these claims:
“Any reference to 1.5 million customers affected is inaccurate… (the researchers) could be referencing the number of lines of data expose, but it is certainly not a reference to the number of customers affected.” – Chethan Lakshma, Vice President of External Affairs
To conclude, Lakshma said the data exposure was discovered and rectified on April 23rd.
It’s still too soon to know the full details and impact of the Freedom Mobile data breach, but one thing we’ve learned so far is that we should never leave sensitive customer information unencrypted.