Canadian cell phone provider Freedom Mobile services over 1.5 million customers in Canada. Recently it was discovered that a third-party customer data management firm named Apptium had an Elasticsearch database left open, leaving almost five million records at risk. A spokesperson for Freedom Mobile’s parent company Shaw Communications stated, “We have discovered that the data that was exposed was contained to a very small number of customers who had opened or made any changes to their accounts at 17 Freedom Mobile retail locations from March 25 to April 15, and any customers who made changes or opened accounts on April 16.” Data found to be exposed are customer names, email addresses, phone numbers, home addresses, dates of birth, customer status level, and Freedom Mobile account numbers. Unencrypted credit card numbers, CVV numbers, account numbers, billing cycle dates, subscription dates, IP addresses associated with a payment method, as well as other service records were included as well. After taking a further look, the researchers found out the database was used to log errors involving customer data. When they discovered the exposed database on April 17th, 2019, they immediately notified Freedom Mobile and they were able to have it secured by a week later on April 24th.
Analyst Notes
Users who were possibly affected should immediately contact credit card and banking entities to let them know they may have been involved in a data breach and to be aware of possible fraudulent transactions. Users should also be aware of increased phishing attempts because of the email addresses and names being included.
