Freedom Mobile Hit by Second Data Breach in 2026, Exposing Customer Personal Information
Freedom Mobile disclosed a data breach on March 18, 2026, revealing that a third party accessed customers’ personal information between January 12 and 18. The carrier detected unauthorized activity within its customer account management platform, traced to compromised credentials belonging to a subcontractor. While the exact number of affected customers remains undisclosed, the exposed data included names, home addresses, email addresses, dates of birth, phone numbers, and account numbers though payment details and passwords were not accessed.
Freedom Mobile stated it disabled the compromised account, implemented security measures to prevent future incidents, and is monitoring affected accounts for suspicious activity. The company reported no evidence of data misuse but acknowledged the breach as its second in recent months. A similar incident occurred in October 2025, also involving unauthorized access to the same platform.
This latest breach follows a 2019 security flaw that exposed the data of 15,000 customers. The incident adds to a growing trend of cybersecurity challenges among Canadian telecom providers, including a recent breach at Telus Digital, where hackers reportedly stole over 1,000TB of data.
Source: https://mobilesyrup.com/2026/03/19/freedom-mobile-data-breach/
Freedom Mobile cybersecurity rating report: https://www.rankiteo.com/company/freedom-mobile
"id": "FRE1773952491",
"linkid": "freedom-mobile",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Telecom',
'location': 'Canada',
'name': 'Freedom Mobile',
'type': 'Telecommunications'}],
'attack_vector': 'Compromised Credentials',
'customer_advisories': 'Monitoring affected accounts for suspicious activity; '
'no evidence of data misuse',
'data_breach': {'personally_identifiable_information': 'Names, home '
'addresses, email '
'addresses, dates of '
'birth, phone numbers, '
'account numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Information'},
'date_detected': '2026-01-12',
'date_publicly_disclosed': '2026-03-18',
'description': 'Freedom Mobile disclosed a data breach on March 18, 2026, '
'revealing that a third party accessed customers’ personal '
'information between January 12 and 18. The carrier detected '
'unauthorized activity within its customer account management '
'platform, traced to compromised credentials belonging to a '
'subcontractor. The exposed data included names, home '
'addresses, email addresses, dates of birth, phone numbers, '
'and account numbers, though payment details and passwords '
'were not accessed.',
'impact': {'brand_reputation_impact': 'Yes',
'data_compromised': 'Names, home addresses, email addresses, dates '
'of birth, phone numbers, account numbers',
'identity_theft_risk': 'Yes',
'payment_information_risk': 'No',
'systems_affected': 'Customer account management platform'},
'initial_access_broker': {'entry_point': 'Compromised subcontractor '
'credentials'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Disabled compromised '
'account; implemented '
'security measures',
'root_causes': 'Compromised subcontractor '
'credentials'},
'references': [{'date_accessed': '2023-10-12',
'source': 'Cyber Incident Description'}],
'response': {'communication_strategy': 'Public disclosure on March 18, 2026',
'containment_measures': 'Disabled the compromised account',
'enhanced_monitoring': 'Monitoring affected accounts for '
'suspicious activity',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Implemented security measures to '
'prevent future incidents'},
'title': 'Freedom Mobile Hit by Second Data Breach in 2026, Exposing Customer '
'Personal Information',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized access via subcontractor credentials'}