Canadian ISP Rogers Communications has begun to notify customers of a data breach that exposed their personal information due to an unsecured database.
In a data breach notification posted to their site, Rogers states that they learned on February 26th, 2020 that a vendor database containing customer information was unsecured and publicly exposed to the Internet.
“On February 26, 2020, Rogers became aware that one of our external service providers had inadvertently made information available online that provided access to a database managed by that service provider. We immediately made sure the information was removed and began an investigation to see how many customers might have been impacted. No credit card, no banking, or no password information was exposed. We are directly contacting any customer whose information was in the database. We sincerely apologize for this incident and regret any inconvenience this may cause,” Rogers explained.
The following customer information was exposed by this data breach:
- account number
- email address
- telephone number
Rogers’ support article states that no credit card, banking, or password information was exposed by the database.
For affected customers, Rogers is providing a complimentary Transunion credit monitoring subscription.
As some of the exposed information was mobile numbers, Rogers has also added port protection to the numbers to block them from being ported to another carrier without authorization.
“Some wireless account numbers were included in the vendor database. If a customer’s wireless account number was included, we added a block to their account (called port protection) to prevent their phone number from being transferred to another carrier without their authorization. Customers can call us if they wish to remove this block.”
All customers impacted by this data breach should be on the lookout for targeted phishing scams. These phishing scams could pretend to be from Rogers or use the accessed information to gain your information at other companies.