A women walks past the new rebranding sign of Freedom Mobile in Toronto on Thursday, November 24, 2016. Freedom Mobile says about 15,000 customers were affected by a security breach in a new system before the problem was fixed on April 23. THE CANADIAN PRESS/Nathan Denette

Freedom Mobile hit by data breach, company says up to 15,000 customers affected

It said the breach affected customers at 17 retail stores who opened or changed accounts

Freedom Mobile confirmed Tuesday it had a data security breach from late March to late April, but the wireless carrier said only about 15,000 customers were affected — far fewer than an outside research firm’s estimate.

The Calgary-based company — which operates networks in Ontario, Alberta and British Columbia — was apparently warned of the breach by researchers at vpnMentor, which announced it to the press.

The vpnMentor report said two of its researchers, Noam Rotem and Ran Locar, had warned Freedom of their findings on April 17, 18 and 23 but didn’t get a response from the company until April 24.

“For ethical reasons, we didn’t download the database, so we don’t know exactly how many people were affected,” the blog said.

However, the blog was posted under the title “Report: Freedom Mobile Customer Data Breach Exposes 1.5 Million Customers” based on the assumption that hackers could access unencrypted data from all of Freedom’s customer base.

Freedom said in an emailed statement that “any reference to 1.5 million customers affected is inaccurate … “

The company said its investigation determined the breach began on March 25 and affected data processed by a new external third-party vendor, Apptium Technologies, that had been hired to streamline its retail customer support.

“The internal systems of Freedom Mobile or (parent) Shaw Communications were not compromised as part of this third-party vendor security exposure,” the company said in a statement.

It said the breach affected customers at 17 retail stores who opened or changed accounts as late as April 15 or made changes to opened accounts on April 16. It said the problem was fixed by April 23.

Freedom also said that it had found no evidence, as of Tuesday, that any data has been misused “and we are conducting a full forensic investigation to determine the full scope of impact.”

Valerie Lawton, of the federal privacy commissioner’s office, said in an email that it had received a breach report related to Freedom Mobile late Monday afternoon.

“Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), includes confidentiality provisions and we don’t have further details to offer at this time,” Lawton said.

Under PIPEDA, which was most recently updated in November, private-sector organizations that control personal information must advise the privacy watchdog of breaches that pose a “real risk of significant harm” to individuals.

They must also notify affected individuals about the breaches and keep records.

READ MORE: Personal data of 34,000 medical marijuana patients accessed in data breach

READ MORE: 50 million Facebook accounts affected by security breach

However, the Canadian law — in contrast to the European Union’s year-old General Data Protection Regulation — provides more flexibility about when organizations inform the Office of the Privacy Commissioner.

Asked why it didn’t disclose close the leak sooner, the company said it took time to verify the legitimacy of the warning and verify details with its third-party vendor.

David Paddon, The Canadian Press


Like us on Facebook and follow us on Twitter.

Just Posted

Fire ban back in effect for Northwest Fire Centre region

Starting May 24, both Category 2 and Category 3 prohibitions will be in place

Convicted animal abuser Catherine Adams to return to B.C. court in July

Catherine Adams is under a 20-year ban on owning animals, from a 2015 sentence in Smithers

Good job boys

Oakley (L) and Storm sold lemonade in Houston to raise money to… Continue reading

The north, rural areas deserve own ICBC rates, says Houston council

Matter to be considered at provincial convention this fall

Houston get more initial attack crews

The BC Wildfire Service branches in Houston and Burns Lake are preparing… Continue reading

600 new campsites coming to provincial parks and recreation sites across B.C.

Tourism Minister announced half of the new spots to 13 most popular provincial parks

Raptors beat Bucks 105-99 to move within 1 game of NBA Finals

Leonard scores 35 as Toronto takes 3-2 series lead over Milwaukee

Municipalities protest after B.C. declares marijuana crops ‘farm use’

UBCM president seeks answers in letter to John Horgan government

CMHC defends mortgage stress test changes amid calls for loosening rules

Uninsured borrowers must now show they could service their mortgage if rates rose two per cent

Nisga’a Nation tourism industry hits the road

First pilot tour to the Nass Valley is set for this summer with Indigenous Tourism BC

B.C. woman left ‘black and blue’ after being pushed off 40-foot cliff at lake

West Shore RCMP looking for witnesses as investigation continues

Thunderstorms to bring heavy rain, risk of flash floods in the southern Interior

Ten to 30 millimetres of rain to fall over the early weekend

Unbe-leaf-able: Agassiz man finds more than 200 four-leaf clovers in a month

Walt Hardinge has found more than 219 four-or-more leaf clovers this spring alone

Crews fight fire with fire to keep blaze from northern Alberta town

The wildfire now covers some 920 square kilometres

Most Read