Privacy News Three UK hacked - Millions of customer records at risk

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
The UK's fourth largest mobile operator, Three UK, has today admitted that it has lost up to 6 million user records as part of a recent hack.

The information is said to have been taken from a customer upgrade database, with staff credentials having been used to extract data said to include names, phone numbers, addresses, and dates of birth. However, Three UK has claimed that no financial information was taken.

Officially speaking, the company confirmed the hack but declined to state how many customers are affected, though sources close to the matter have said that "about two thirds" of Three's 9 million customers are at risk.

It is understood that the matter came to light after a spike in fraudulent activity in relation to handset upgrades, with leaked customer details having been used by fraudsters to upgrade devices of compromised accounts, then intercepting the delivery of the handsets.

A spokesperson for Three made the following statements:

"Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.

To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity.

In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system.

This upgrade system does not include any customer payment, card information or bank account information."

Three men have since been arrested; two on suspicion of computer misuse offenses, with the third arrested on suspicion of perverting the course of justice.

A National Crime Agency spokesperson gave the following statement:

"On Wednesday 16 November 2016, officers from the National Crime Agency arrested a 48-year old man from Orpington, Kent and a 39-year old man from Ashton-under-Lyne, Manchester on suspicion of computer misuse offences, and a 35-year old man from Moston, Manchester on suspicion of attempting to pervert the course of justice."

Three UK has not yet informed affected customers of the breach.

Source: The Telegraph
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top