- Freedom Mobile suffered a supply‑chain breach via subcontractor account, exposing customer PII
- Stolen data includes names, addresses, birth dates, phone numbers, and account numbers; passwords and payment info unaffected
- Company warns of phishing risks; no evidence of data leaks yet, investigation ongoing
Canadian telecommunications provider Freedom Mobile suffered a supply-chain attack recently, in which it lost sensitive data on a yet undisclosed number of customers.
In a data breach notification letter posted on its website earlier this week, Freedom said hackers broke into an account of a subcontractor, through which they accessed personal information “of a limited number” of its customers. The breach was spotted on October 23, and the access was terminated.
However, by the time the compromised account was blocked and disinfected, hackers managed to steal people’s full names, postal addresses, dates of birth, phone numbers (both home and cell), as well as Freedom Mobile account numbers.
Phishing warning issued
While the telco stresses that payment information and passwords were not obtained in the attack, the threat actors stole more than enough information to mount highly devastating phishing attacks.
For example, they could reach out to Freedom Mobile customers, pretending to be the telco, and threaten account termination unless the victims urgently log in (through a fake login page that steals credentials), or download a program (which is actually malware). Such an email, paired with personally identifiable information, could sound credible to the recipients and could therefore result in compromise.
At press time, no threat actors claimed responsibility for the attack, and Freedom Mobile found no evidence of the data leaking into the wild. Still, users are advised to be vigilant with incoming messages, especially those claiming to be coming from the telco, and carrying a sense of urgency. “Freedom Mobile will never ask you for personal information such as credit card numbers, banking information, passwords, or PIN codes by email or SMS,” the notification reads.
Freedom Mobile was founded in 2008 as Wind Mobile, and currently has more than two million customers across Canada. It was acquired by Vidéotron in 2023, bringing the total number of subscribers to over 3.5 million.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
