Freedom Mobile security flaw leaks personal data of customers

Woof, that's true Freedom. I wonder if their data gets reception everywhere though?

"We have discovered that the data that was exposed was contained to a very small number of customers who had opened or made any changes to their accounts at 17 Freedom Mobile retail locations from March 25 to April 15, and any customers who made changes or opened accounts on April 16,” he said. “Our investigation has revealed that a very limited amount of Freedom Mobile customer data was exposed as the result of a misconfigured server managed by Apptium, a new third-party service provider Freedom Mobile has engaged to streamline our retail customer support processes.”

A forensic investigation is underway, the spokesperson said.

Apptium did not return a request for comment.

- TechCrunch

--
Bell had an event last year

This turned out to be a re-post, though I didn't see it when it came out and I didn't find it when I searched...

Visit thread... Visit: freedom-mobile-security-flaw-leaks-pers ... s-2283382/




....................................................................................................................................

"Freedom Mobile data breach impacts thousands of customers"
Updated: Unencrypted financial information has reportedly been compromised.

By Charlie Osborne for Zero Day | May 8, 2019 -- 09:43 GMT (02:43 PDT) | Topic: Security

Freedom Mobile, a major Canadian telecommunications provider, has revealed a data breach which may have exposed sensitive information belonging to thousands of customers.

On Tuesday, cybersecurity researchers Noam Rotem and Ran Locar from vpnMentor said they were able to access a database belonging to Canada's fourth-largest telco, which was "totally unprotected and unencrypted."

The database contained the email addresses of customers, phone and mobile numbers, home addresses, dates of birth, customer types, and IP addresses linked to payment methods.

In addition, the researchers say that unencrypted financial data was exposed, including credit numbers and security codes (CVV numbers), alongside credit score responses from Equifax and other credit monitoring services.

Freedom Mobile account numbers, subscription dates, billing cycle dates, and customer service records could also be accessed.

"These records seem to reflect any action taken within a user account, allowing for multiple entries per customer," the researchers say.

The leak was discovered on April 17, 2019. After attempting to contact the telecommunications giant multiple times, Rotem and Locar received a response on April 24 and the leak was plugged on the same day.
VpnMentor's researchers say that up to 1.5 million active Freedom Mobile users may have been impacted by the breach and they had full access to over five million records -- but as an ethical sticking point the team did not download the database, and so it is not known exactly how many individuals were involved.

Calgary-based Freedom Mobile has hit back against this estimate and claims that the 1.5 million figure is "inaccurate." Instead, the telco says that only 15,000 customers were affected.
The company claims that customers at 17 retail stores who recently opened or changed account information were involved, according to the Globe and Mail, and the incident occurred due to a new third-party company, Apptium Technologies, which was recently brought in to streamline retail systems.

Freedom Mobile said that there is no evidence that the leaked data has been abused, nor have the firm's internal systems been compromised in any way.

"We've assessed that data from approximately 15 thousand Freedom Mobile customers were affected. We are currently contacting affected customers, and we will provide them with a solution that best suits their needs.
Any reference to 1.5 million customers affected is inaccurate – the researchers could be referencing the number of lines of data exposed but it is certainly not a reference to the number of customers affected. If it is a reference to the number of lines of data, it's worth noting that some customer records could have hundreds or thousands of lines of data, including substantial amounts that do not include any personal information.

Our investigation has revealed that a very limited amount of Freedom Mobile customer data was exposed as the result of a misconfigured server managed by Apptium, a new third-party service provider Freedom Mobile has engaged to streamline our retail customer support processes.

Freedom Mobile has filed a report with the Office of the Privacy Commissioner of Canada (OPC) and we are continuing our investigation into the matter."

https://www.zdnet.com/article/freedom-m ... customers/

Very exciting news, yes. Posted a week ago.
freedom-mobile-security-flaw-leaks-pers ... rs-2283382

I imagine they'll be getting a nasty PCI fine. Storing the CVV is strictly prohibited.

Will delete... / Re-post, though I searched and couldn't find it and it's better to have too many reminders (although in error)...

Visit: freedom-mobile-security-flaw-leaks-pers ... s-2283382/

From a relative, they say reception is not-so-good. 4G for awhile, then some 3G, then some HPSA (or whatever)…

Cheap data that's unreliable and with a constant varying speed that always changing.

At around 3pm, when college and high school students get out of school I suppose, the response time is TERRIBLE because of the demand placed on the network at the time.

chris5555 wrote: ↑ Woof, that's true Freedom. I wonder if their data gets reception everywhere though?