Freedom Mobile has disclosed a security incident after attackers gained unauthorized access to its customer account management platform, exposing personal information belonging to an undisclosed number of subscribers.ย
How The Breach Occurred
The breach, detected on October 23, occurred when a threat actor used a compromised subcontractor’s account to gain access to Freedomโs systems.
Freedom, founded in 2008 and now owned by Vidรฉotron under Quรฉbecor, is Canadaโs fourth-largest wireless provider, serving more than 2.2 million subscribers. The company says its network now offers coverage to 99% of Canadians.
Types Of Information Accessed
In a privacy notice sent to affected users, Freedom said the exposed personal information included the following:
- First and last name
- Home address
- Date of birth
- Phone number (home and/or cell)
- Freedom Mobile account number
No payment information or passwords were accessed.
Security Measures And Ongoing Monitoring
The company says it acted quickly once the intrusion was discovered, blocking suspicious accounts and IP addresses and rolling out additional security measures to prevent further unauthorized access.
Freedom says it has implemented corrective measures and continues to monitor its systems. It also emphasized that there is currently no evidence that the stolen data has been misused.
Warnings For Affected Customers
Freedom is urging its customers to stay alert and ignore unexpected messages that ask for personal information or direct them to a website to enter it. It is advising them to avoid clicking on unfamiliar links or attachments from emails or texts, and regularly check their accounts for any unusual or suspicious activity.
The company also recommends users visit the Canadian Anti-Fraud Centre website at https://antifraudcentre-centreantifraude.ca for tips on preventing online scams. Similarly, anyone with concerns can contact the companyโs privacy office at [email protected].
Speaking to the news publication BleepingComputer, a Freedom Mobile spokesperson said that the incident did not disrupt network operations and ย thatย “this is not a ransomware type of incident.โ The spokesperson declined to say how many customers were affected.
This is not Freedom Mobileโs first data-related issue. In 2019, a third-party vendor unintentionally left an unsecured customer support database online, exposing data belonging to approximately 15,000 Freedom users.
