How The Breach Occurred
The breach, detected on October 23, occurred when a threat actor used a compromised subcontractor’s account to gain access to Freedom’s systems.
Types Of Information Accessed
In a privacy notice sent to affected users, Freedom said the exposed personal information included the following:
- First and last name
- Home address
- Date of birth
- Phone number (home and/or cell)
- Freedom Mobile account number
No payment information or passwords were accessed.
Security Measures And Ongoing Monitoring
The company says it acted quickly once the intrusion was discovered, blocking suspicious accounts and IP addresses and rolling out additional security measures to prevent further unauthorized access.
Freedom says it has implemented corrective measures and continues to monitor its systems. It also emphasized that there is currently no evidence that the stolen data has been misused.
Warnings For Affected Customers
Freedom is urging its customers to stay alert and ignore unexpected messages that ask for personal information or direct them to a website to enter it. It is advising them to avoid clicking on unfamiliar links or attachments from emails or texts, and regularly check their accounts for any unusual or suspicious activity.
The company also recommends users visit the Canadian Anti-Fraud Centre website at https://antifraudcentre-centreantifraude.ca for tips on preventing online scams. Similarly, anyone with concerns can contact the company’s privacy office at [email protected] .
Speaking to the news publication BleepingComputer , a Freedom Mobile spokesperson said that the incident did not disrupt network operations and that “this is not a ransomware type of incident.” The spokesperson declined to say how many customers were affected.
This is not Freedom Mobile’s first data-related issue. In 2019, a third-party vendor unintentionally left an unsecured customer support database online, exposing data belonging to approximately 15,000 Freedom users.
