Freedom Mobile says it will start putting up notice cards at stores about a recent data leak that occurred this spring, affecting up to 15,000 accounts.
According to internal documentation seen by iPhone in Canada, a notice to stores dated August 27, 2019, instructs them to post up ‘Customer Data Exposure Notice Cards’ by September 3, 2019, and kept up until December 2019.
Freedom Mobile says on April 18, a cybersecurity research firm contacted the company about a leak at their retail stores. The security hole exposed data “limited to consumers who tried to open or made any changes to their accounts” at 17 Freedom Mobile locations from March 25 to April 15, and “anyone who tried to make changes or open accounts on April 16”.
The company says it has already reached out to those affected customers in May, “except for those that only provided a date of birth and name,” which consists of about 500 people.
Back in May, TechCrunch reported security researchers Noam Rotem and Ran Locar found an unsecured Elasticsearch server, which apparently took Freedom Mobile one week to secure.
Information leaked included names, email addresses, phone number, various postal addresses, dates of birth, customer types, and account numbers. According to TechCrunch, credit card numbers, expiry dates, and verification numbers were also available.
Shaw responded at the time, “Our investigation has revealed that a very limited amount of Freedom Mobile customer data was exposed as the result of a misconfigured server managed by Apptium, a new third-party service provider Freedom Mobile has engaged to streamline our retail customer support processes.”