Rogers and its subsidiary Fido were affected by a data breach, the company said in a statement on Friday.Chris Helgren/Reuters
Quebecor Inc. QBR-B-T and Rogers Communications Inc. RCI-B-T have both suffered breaches of their systems in recent weeks, the latest attack targeting Canadian telecommunications companies and their customers’ data.
In both cases, the data breaches revealed a range of personal information, but not billing data. Telecom companies are frequently targeted by malicious parties as they collect and traffic large databases of valuable customer data, the Canadian Centre for Cyber Security has warned.
Quebecor’s Freedom Mobile brand said in a notice to customers earlier this month that it had detected unauthorized activity within its customer account management platform in January. The company determined that a third party had used the credentials of a subcontractor to gain access to the personal information of some of its customers.
This included first and last names, home addresses, dates of birth, home and cellphone numbers and Freedom Mobile account numbers, but not financial information or passwords, the company said in a post to its website.
Edward Rogers tries to deny payments to Larry Tanenbaum in dispute over mother’s estate
Freedom said it had no indication that this information has been misused, but that it had informed those customers whose information was compromised by e-mail or text on March 18. The company declined to comment on how many customers were affected.
The telecom said in the post it had contained the incident and is reviewing the controls governing third-party access to its systems, as well as monitoring affected accounts for any signs of unusual activity.
Freedom was also affected by a similar breach last October, during which the same categories of data were compromised.
Meanwhile, Rogers and its subsidiary Fido have also been affected by a data breach, the company said in a statement Friday.
The company said that the information compromised was limited to customer names, contact information, account numbers and language preferences. It said that no financial information, social insurance numbers, dates of birth or passwords were affected.
“Through our proactive cybersecurity monitoring, we recently identified unauthorized third-party access to limited customer information. We took immediate steps to investigate and implement additional protection. We have not identified unauthorized access to any personal financial information,” Rogers spokesperson Zac Carreiro said in an e-mail Friday.
Rogers lays off part of in-house IT support team
He said the company is continuing to review how many customers were affected.
Earlier this month, Telus Communications Inc. said it was investigating its own cybersecurity incident involving unauthorized access to a recently reacquired business technology arm by a criminal hacking and extortion group called ShinyHunters.
Telus said in a statement that a “limited number of systems” belonging to its affiliate, Telus Digital, were accessed.
ShinyHunters said it has stolen nearly one petabyte of data from Telus Digital, including a wide range of customer data, in a breach, and that it was demanding a ransom in exchange for not leaking the data, The Globe previously reported.
The Vancouver-based telecom giant said it has taken steps to address the activity and secure its systems against further intrusion.
Several U.S. companies are facing proposed class-action lawsuits that allege they did not adequately protect customer data from cyberattacks attributed to ShinyHunters.
Last year, the Canadian Centre for Cyber Security, part of the Communications Security Establishment Canada, said that three network devices registered to a Canadian telecom had been compromised by a group that was likely linked to Salt Typhoon, a cyber attack group which it said is sponsored by China.