A third-party service provider to Rogers Communications left open a database used for marketing purposes, exposing customer PII.
The Canadian telecom provider did not name the firm involved, nor the number of people affected, but reported that the incident was uncovered on Feb. 26, 2020 and involved the service provider leaving a database open to the public for an unspecified amount of time.
The third-party vendor, which handles promotional offer fulfillment for Rogers, exposed customer names, addresses, account numbers, email addresses and telephone numbers. No payment card information nor login credentials were involved.
The data that was exposed can cause a great deal of harm to its owners as cybercriminals can use it to create well-crafted phishing emails from which they may be able to extract even more valuable personal data.