Just a few weeks after announcing it intends to expand by deploying carrier plans for 5G networks, Canadian telecom company Freedom Mobile has fallen victim to a data breach, leaking 5 million unencrypted records online.
As confirmed by the carrier, the breach affected personal and financial data of 1,500 customers, fewer than the initial 1.5 million estimated in media by researchers, according to CBC.
“Any reference to 1.5 million customers affected is inaccurate,” said Freedom Mobile.
The customer database was apparently kept on a server that was not password-protected, although it contained sensitive information such as email, phone number, address, date of birth, credit score responses and unencrypted credit card and CVV numbers. This affected customers who made account changes at 17 retail stores.
The investigation revealed the breach affected customers between Mach 25 and approximately April 17, when it was detected. The researchers who detected the breach informed Freedom Mobile, but received no immediate answer. When the carrier replied on April 23, the situation had already been fixed and the database secured. Arguing that they needed more time to determine whether the breach was real, they had chosen to postpone acknowledging the leak.
Freedom Mobile is conducting a forensic investigation to determine the impact of the incident and claims there is no evidence to suggest the leaked data was used for illegal activities. The telecom company says the unsecured database was stored on a “misconfigured server managed by Apptium Technologies,” a third-party vendor they collaborate with.