Roy Urrico reports:
Security researchers discovered an exposed Elasticsearch server containing up to 1.5 million Freedom Mobile users’ personal data, passwordless, and including unencrypted credit card and CVV numbers, expiration dates and verification numbers.
The five million exposed customer data logs belonged to Freedom Mobile, Canada’s fourth wireless telecommunications provider. The files, stored in plaintext, also held customer names, email and postal addresses, home and mobile phone numbers, birthdates, IP addresses connected to payment methods, customer types and account numbers. The logs also comprised credit checks filed through Equifax and other companies with details of the application results. A Freedom Mobile spokesperson for the company said the incident affected 15,000 customers.
Read more on Credit Union Times.