Freedom Mobile has revealed a data breach that leaked personal information belonging to a limited number of customers. This happened after illegal access to its internal systems in late October.
As per the notice sent to customers, the breach was found in late October, when the security team found illicit activity on its customer account management platform. “Our investigation revealed that a third party used the account of a subcontractor to gain access to the personal information of a limited number of our customers,” the statement read.
Attack tactic
According to the investigation, a third-party got access via the account of a subcontractor. It means that a threat actor used genuine login credentials that belonged to an external partner, instead of directly breaking through technical defenses. After gaining access, the threat actors could view particular customer records. The exposed data consists home addresses, first and last names, contact numbers and Freedom Mobile account numbers.
Details such as account passwords, banking details, credit card were not hacked. The incident impacted only personal profile data, nof authentication secrets or financial data.
Once the intrusion was found, Freedom Mobile blocked malicious accounts and linked IP addresses, and deployed additional security measures on the platform.
These steps generally involve strict access permissio
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: