Freedom Mobile confirmed Tuesday it had a data security breach from late March to late April 2019, but the wireless carrier said only about 15,000 customers were affected — far fewer than an outside research firm’s estimate.
The Calgary-based company — which operates networks in Ontario, Alberta and British Columbia — was apparently warned of the breach by researchers at vpnMentor, which announced it to the press.
The vpnMentor report said two of its researchers, Noam Rotem and Ran Locar, had warned Freedom of their findings on April 17, 18 and 23 but didn’t get a response from the company until April 24.
“For ethical reasons, we didn’t download the database, so we don’t know exactly how many people were affected,” the blog said. However, the blog was posted under the title “Report: Freedom Mobile Customer Data Breach Exposes 1.5 Million Customers” based on the assumption that hackers could access unencrypted data from all of Freedom’s customer base.
Freedom said in an emailed statement that “any reference to 1.5 million customers affected is inaccurate.”
The company said its investigation determined the breach began on March 25 and affected data processed by a new external third-party vendor, Apptium Technologies, that had been hired to streamline its retail customer support.
It said the problem was fixed by April 23.