Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers.
Founded in 2008 as Wind Mobile by telecommunications provider Globalive, Freedom has over 2,2 million subscribers and now says it provides coverage to 99% of Canadians.
Vidéotron, a subsidiary of Canadian telecommunications company Québecor, acquired Freedom in 2023, creating the country’s fourth major wireless carrier with more than 3.5 million mobile customers and nearly 7,500 employees.
In a data breach notification published today, Freedom said it detected a breach of its customer account management platform on October 23.
“Our investigation revealed that a third party used the account of a subcontractor to gain access to the personal information of a limited number of our customers,” Freedom stated.
“We quickly identified the incident and implemented corrective measures and security enhancements, including blocking the suspicious accounts and corresponding IP addresses.”
The personal and contact information exposed in the incident includes first and last names, home addresses, dates of birth, home and/or cell phone numbers, and Freedom Mobile account numbers.
Although it found no evidence that the compromised data has been misused since the breach, the wireless carrier advised affected customers to be suspicious of unexpected messages requesting their personal information or directing them to a website to provide it.
Freedom also recommends not clicking links or downloading attachments from emails or texts that seem suspicious and regularly checking their accounts for unusual activity.
A Freedom Mobile spokesperson told BleepingComputer that the network and operations were not affected and that “this is not a ransomware type of incident.”
While the spokesperson also said that the threat actors used the stolen account of a subcontractor to gain access to “the personal information of a limited number of our customers,” they didn’t share how many customers were affected by the resulting data breach.
In May 2019, Freedom Mobile confirmed another data breach after a third-party vendor exposed an unsecured customer support database online, which contained the data of approximately 15,000 customers.
Update December 03, 16:27 EST: Added Freedom Mobile statement.
Broken IAM isn’t just an IT problem – the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.