{"id":213274,"date":"2019-05-08T02:04:33","date_gmt":"2019-05-08T06:04:33","guid":{"rendered":"https:\/\/canadianinquirer.net\/v1\/?p=213274"},"modified":"2019-05-08T02:04:33","modified_gmt":"2019-05-08T06:04:33","slug":"freedom-mobile-hit-by-data-breach-company-says-up-to-15000-customers-affected","status":"publish","type":"post","link":"https:\/\/canadianinquirer.net\/v1\/2019\/05\/08\/freedom-mobile-hit-by-data-breach-company-says-up-to-15000-customers-affected\/","title":{"rendered":"Freedom Mobile hit by data breach, company says up to 15,000 customers affected"},"content":{"rendered":"
\"\"<\/a>
FILE: A Freedom Mobile store at First Markham Place shopping centre (Photo By Raysonho @ Open Grid Scheduler \/ Grid Engine – Own work, CC0<\/a>)<\/figcaption><\/figure>\n

TORONTO \u2014 Freedom Mobile confirmed Tuesday it had a data security breach from late March to late April, but the wireless carrier said only about 15,000 customers were affected \u2014 far fewer than an outside research firm’s estimate.<\/p>\n

The Calgary-based company \u2014 which operates networks in Ontario, Alberta and British Columbia \u2014 was apparently warned of the breach by researchers at vpnMentor, which announced it to the press.<\/p>\n

The vpnMentor report said two of its researchers, Noam Rotem and Ran Locar, had warned Freedom of their findings on April 17, 18 and 23 but didn’t get a response from the company until April 24.<\/p>\n

\u201cFor ethical reasons, we didn’t download the database, so we don’t know exactly how many people were affected,\u201d the blog said.<\/p>\n

However, the blog was posted under the title \u201cReport: Freedom Mobile Customer Data Breach Exposes 1.5 Million Customers\u201d based on the assumption that hackers could access unencrypted data from all of Freedom’s customer base.<\/p>\n

Freedom said in an emailed statement that \u201cany reference to 1.5 million customers affected is inaccurate . . . \u201c<\/p>\n

The company said its investigation determined the breach began on March 25 and affected data processed by a new external third-party vendor, Apptium Technologies, that had been hired to streamline its retail customer support.<\/p>\n

\u201cThe internal systems of Freedom Mobile or (parent) Shaw Communications were not compromised as part of this third-party vendor security exposure,\u201d the company said in a statement.<\/p>\n

It said the breach affected customers at 17 retail stores who opened or changed accounts as late as April 15 or made changes to opened accounts on April 16. It said the problem was fixed by April 23.<\/p>\n

Freedom also said that it had found no evidence, as of Tuesday, that any data has been misused \u201cand we are conducting a full forensic investigation to determine the full scope of impact.\u201d<\/p>\n

Valerie Lawton, of the federal privacy commissioner’s office, said in an email that it had received a breach report related to Freedom Mobile late Monday afternoon.<\/p>\n

\u201cCanada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), includes confidentiality provisions and we don’t have further details to offer at this time,\u201d Lawton said.<\/p>\n

Under PIPEDA, which was most recently updated in November, private-sector organizations that control personal information must advise the privacy watchdog of breaches that pose a \u201creal risk of significant harm\u201d to individuals.<\/p>\n

They must also notify affected individuals about the breaches and keep records.<\/p>\n

However, the Canadian law \u2014 in contrast to the European Union’s year-old General Data Protection Regulation \u2014 provides more flexibility about when organizations inform the Office of the Privacy Commissioner.<\/p>\n

Asked why it didn’t disclose close the leak sooner, the company said it took time to verify the legitimacy of the warning and verify details with its third-party vendor.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

TORONTO \u2014 Freedom Mobile confirmed Tuesday it had a data security breach from late March to late April, but the …<\/p>\n","protected":false},"author":44,"featured_media":213276,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,16],"tags":[],"class_list":["post-213274","post","type-post","status-publish","format-standard","has-post-thumbnail","category-news-ca","category-news","mauthors-david-paddon","mauthors-the-canadian-press"],"_links":{"self":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/213274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/comments?post=213274"}],"version-history":[{"count":1,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/213274\/revisions"}],"predecessor-version":[{"id":213277,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/213274\/revisions\/213277"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media\/213276"}],"wp:attachment":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media?parent=213274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/categories?post=213274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/tags?post=213274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}