Freedom Mobile Exposes Data On Thousands Of Customers

Freedom Mobile Exposes Customers' Data

Freedom Mobile, the Canadian wireless carrier, reportedly exposed its customers’ data and took a week to fix the security lapse after being alerted to it.

According to the report, citing security researchers Noam Rotem and Ran Locar, the two found that an Elasticsearch server of Freedom Mobile had exposed five million logs that included customer data. The server was not password-protected, meaning anyone could get in and access the data, which was in plaintext format. The researchers said it took Freedom Mobile a week to secure the database after it was alerted to the problem.

The database was part of a system the company used to spot errors; it listed the error and any accompanying data, including customers’ information. Some of that information includes names, email addresses, phone numbers, postal addresses, dates of birth, customer types and account numbers, noted the report. Information about customer credit checks conducted by Equifax was also accessible, as well as full credit card numbers with expiration dates and verification numbers.

In a statement to the news outlet, Freedom Mobile said around 15,000 customers were impacted by the data leak. The company has more than 1.5 million customers and is the fourth largest wireless carrier in Canada.

“We have discovered that the data that was exposed was contained to a very small number of customers who had opened or made any changes to their accounts at 17 Freedom Mobile retail locations from March 25 to April 15, and any customers who made changes or opened accounts on April 16,” said Chethan Lakshman, a spokesman for Shaw Communications, the parent company of Freedom Mobile. “Our investigation has revealed that a very limited amount of Freedom Mobile customer data was exposed as the result of a misconfigured server managed by Apptium, a new third-party service provider Freedom Mobile has engaged to streamline our retail customer support processes.”