Freedom Mobile Hit by Second Data Breach in 2026, Exposing Customer Personal Information Freedom Mobile disclosed a data breach on March 18, 2026, revealing that a third party accessed customers’ personal information between January 12 and 18. The carrier detected unauthorized activity within its customer account management platform, traced to compromised credentials belonging to a subcontractor. While the exact number of affected customers remains undisclosed, the exposed data included names, home addresses, email addresses, dates of birth, phone numbers, and account numbers though payment details and passwords were not accessed. Freedom Mobile stated it disabled the compromised account, implemented security measures to prevent future incidents, and is monitoring affected accounts for suspicious activity. The company reported no evidence of data misuse but acknowledged the breach as its second in recent months. A similar incident occurred in October 2025, also involving unauthorized access to the same platform. This latest breach follows a 2019 security flaw that exposed the data of 15,000 customers. The incident adds to a growing trend of cybersecurity challenges among Canadian telecom providers, including a recent breach at Telus Digital, where hackers reportedly stole over 1,000TB of data.

Breached Signals: Unraveling the Freedom Mobile Data Hack and Its Ripples Through Canadian Telecom In the early hours of a routine October day in 2025, Freedom Mobile, Canada’s fourth-largest wireless carrier, detected unusual activity within its customer account management platform. What followed was a swift investigation revealing a sophisticated breach that compromised personal information for a limited but unspecified number of customers. Hackers, exploiting a subcontractor’s account, gained unauthorized access and siphoned off data including full names, postal addresses, dates of birth, phone numbers, and account numbers. This incident, first spotted on October 23, underscores the persistent vulnerabilities in telecom infrastructure, even as companies bolster defenses against an ever-evolving array of cyber threats. Freedom Mobile’s response was prompt: the company terminated the illicit access, disinfected the compromised systems, and notified affected customers through breach letters. Importantly, the carrier emphasized that sensitive financial details like payment information and passwords remained untouched. Yet, the stolen data—while not including credit card numbers—poses significant risks for identity theft, phishing scams, and targeted fraud. As reported in TechRadar, the breach highlights how third-party access points can serve as weak links in otherwise fortified networks, a recurring theme in recent cyber incidents across the sector. The timing of this disc

Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers. Founded in 2008 as Wind Mobile by telecommunications provider Globalive, Freedom has over 2,2 million subscribers and now says it provides coverage to 99% of Canadians. Vidéotron, a subsidiary of Canadian telecommunications company Québecor, acquired Freedom in 2023, creating the country's fourth major wireless carrier with more than 3.5 million mobile customers and nearly 7,500 employees. In a data breach notification published today, Freedom said it detected a breach of its customer account management platform on October 23. "Our investigation revealed that a third party used the account of a subcontractor to gain access to the personal information of a limited number of our customers," Freedom stated. "We quickly identified the incident and implemented corrective measures and security enhancements, including blocking the suspicious accounts and corresponding IP addresses." The personal and contact information exposed in the incident includes first and last names, home addresses, dates of birth, home and/or cell phone numbers, and Freedom Mobile account numbers. Although it found no evidence that the compromised data has been misused since the breach, the wireless carrier advised affected customers to be suspicious of unexpected messages

French Telecom Giants Fined €42M After Massive GDPR Breach Affecting 24 Million French telecom operators Free and Free Mobile, subsidiaries of Iliad Group, have been hit with a €42 million ($48.8 million) fine by France’s data protection authority, CNIL, for GDPR violations linked to a major October 2024 data breach. The incident exposed the personal and financial data of over 24 million individuals, including IBANs and other sensitive information. The attack began on September 28, 2024, when threat actors infiltrated the companies’ systems via a vulnerable VPN and exploited a flaw in the MOBO subscriber management tool. The breach compromised 19.5 million Free Mobile contracts and 5.2 million Free fixed-line contracts, making it one of the largest cybersecurity incidents in France this year. CNIL’s investigation revealed critical security failures, including weak VPN authentication, inadequate anomaly detection, and poor data retention policies. The regulator also criticized the companies for delayed and insufficient breach notifications, further violating GDPR requirements. The fine underscores the growing scrutiny on telecom providers over data protection compliance, particularly as cyberattacks targeting customer databases intensify.

An Elasticsearch server containing up to 1.5 million Freedom Mobile users’ personal data was exposed in a data breach. The files, stored in plaintext, also held customer names, email and postal addresses, home and mobile phone numbers, birth dates, IP addresses connected to payment methods, customer types, and account numbers. A Freedom Mobile spokesperson for the company said the incident affected 15,000 customers.

A hacker using the alias NullHumanity claimed that they had managed to identify a flaw in the customer login system of Freedom Mobile. It claims to obtain private details of customers including their phone number, address, call history and other information effortlessly. The hacker made claims on Freedom subreddit along with posting a screenshot of the code to prove successful brute forcing of Freedom Mobile’s user logins. Hacker further claimed that the customer login system has been “forced to the Phone Number/PIN model,” which cannot be modified by the support center of the carrier as well. The hacker also stated that currently 2,000 at-risk accounts have been identified on Freedom Mobile’s MyAccount page but he does not intend to exploit them.