Freedom Mobile Suffers Second Data Breach in Months via Subcontractor Credentials
Learn More
Freedom Mobile, a Canadian telecommunications provider, reported a data breach on March 18, 2026, involving unauthorized access to its customer account management platform.
The incident occurred between January 12 and January 18, 2026. The attackers used stolen credentials from a subcontractor to enter the carrier's account management system. This allowed the hackers to operate within the platform for six days before the activity was detected and stopped. This event follows a similar pattern to a breach reported by Freedom Mobile in December 2025, which also involved unauthorized access to the same internal platform. The repeated exploitation of this system indicates a recurring vulnerability in how the company manages external access.
The compromised data includes:
- First and last names
- Home addresses
- Email addresses
- Dates of birth
- Home and mobile phone numbers
- Freedom Mobile account numbers
The number of affected individuals is not disclosed. Freedom Mobile claims that payment details and account passwords remained secure during the incident.
Freedom Mobile disabled the compromised third-party account immediately after discovery. The company claims it has since reviewed the controls and processes that govern how subcontractors access internal systems.
Impacted customers were notified via email or SMS on the day of the public disclosure. The carrier is currently monitoring the affected accounts for any signs of fraudulent activity or misuse of the stolen information.
Security professionals advise affected users to be careful of phishing attempts that use the leaked personal data to appear legitimate.
