What happened
Freedom Mobile reported a data breach after attackers accessed customer information held by a third-party service provider. The exposed data includes names, email addresses, phone numbers, and account numbers. No payment data or passwords were affected.
Who is affected
Current and former Freedom Mobile customers whose details were processed by the impacted third party.
Why CISOs should care
This incident shows how a third-party provider can widen the attack surface and expose sensitive customer data even when internal systems remain secure. It highlights the need for tighter oversight of vendors and stronger controls on shared data.
3 practical actions
-
Review vendor data access and verify controls for any provider handling customer or regulated information.
-
Update incident response plans to include third-party breach scenarios and communication workflows.
-
Conduct a fresh risk assessment of suppliers and enforce contract clauses on breach reporting and security standards.