Researchers are claiming to have found an open Elasticsearch database containing 5 million records related 10 1.5 million Freedom Mobile customers -- figures disputed by the telecommunications company.
Noam Rotem and Ran Locar from vpnMentor said they came across the database on April 17 and attempted to contact Freedom Mobile on April 18 and 23 with no response. The company did reply on April 24 and shut down access the same day.
The exposed files contained email address, home and mobile phone numbers, home addresses, dates of birth, customer types, IP addresses connected to payment methods, and encrypted credit card and CVV numbers.
“We could also access account numbers, subscription dates, billing cycle dates and customer service records including locations. Some entries also included data from an Equifax database. This included information on credit scores, credit class, and credit card accounts,” the researchers said.
Freedom Mobile admitted to CBC News that a breach did take place, but said the number is much lower that what the vpnMentor claimed, CBC reported.
Freedom said in a statement that "any reference to 1.5 million customers affected is inaccurate," contending that only 15,000 customers were impacted while noting that the company began its investigation on March 25. Freedom Mobile said the data came from third-party vendor Apptium Technologies and that the leak only affected customers from 17 of its retail outlets that opened or changed account information through April 17. The company claimed the problem was fixed by April 23, CBC reported.
