Three Breach: 5 Million+ Customer Records Exposed

Three, one of the UK’s biggest mobile phone companies has suffered a major cybersecurity breach which could put the personal data of millions of customers at risk.

Cause:
It has been reported that hackers had been accessing Three UK’s customer accounts via a compromised employee login. The cyber criminals were then upgrading the contracts then intercepting the upgraded handsets, possibly in order to sell them on. Three confirmed the breach on the evening of 17th November but declined to say whether customers’ data was stolen or how many have been affected.

Effect:
Three said that the data accessed included names, phone numbers, addresses and dates of birth, but added that it did not include financial information. To update their customers, Three posted the following statement to its Facebook page:

We’re aware of an attempted fraud issue regarding upgrade devices and are working with police and relevant authorities on the matter. The objective was to steal high-end smartphones from Three, but we’ve already put measures in place to stop the fraudulent activity. We’d like to reassure customers that their financial details are not at risk. We are investigating how many customers are affected and will be contacting them as soon as possible. We’ll update with further information once we have this.

Three men have been arrested for the hack, according to the UK’s National Crime Agency (NCA) including, a 48-year-old man from Kent, a 39-year-old man from Manchester and a 35-year-old man from Moston, Manchester. 2 of the men are suspected of computer misuse offences in connection with the fraud and 1 other was arrested on suspicion of attempting to pervert the course of justice.