Over 133,000 Three mobile customers hit by data breach

Names, addresses and other information may have been accessed by criminals


Nearly 134,000 customers of the Three mobile network have had their data accessed by criminals, the sompany has admitted.

CEO David Dyson issued a statement on Friday evening, aproximately 18 hours after reports of a data breach first came to light, seeking to reassure customers, but also revealing new details as to the scope of the attack.

Advertisement - Article continues below

"I can now confirm that the people carrying out this activity were also able to obtain some customer information. In total, information from 133,827 customer accounts was obtained but no bank details, passwords, pin numbers, payment information or credit/debit card information are stored on the upgrade system in question," said Dyson.

In a little over 107,000the accounts affected, criminals could have seen information such as the customer's phone number, how long they have been a Three customer, their handset type and whether they are a SIM-only or monthly contract customer, as well as whether their bill is paid by cash or by card.

For 26,725 customers, however, breach potentially affects additional data, including their name, address, date of birth, email address, previous addresses, marital status and employment status.

The company has said it will be contacting customers on an individual basis if they are one of the 133,827 affected and informing them which category they fall into.

Advertisement - Article continues below
Advertisement - Article continues below

Dyson sought to soothe fears of a wide-scale data leak, however, saying:"We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently."

Earlier in the day it was revealed that eight 'high end' mobile devices had been fraudulently issued using Three's upgrade systems, with the perpetrators apparently intending to intercept and resell the devices. So far, it's unclear as to whether they managed to achieve these aims.

This is a developing story, which will be updated as more information becomes available.

Responses to cyber attacks are too reactive. Learn how to monitor and tackle threats to your business much more swiftly bydownloading this Intel whitepaper.

18/11/2016 (11.39am):Three acknowledges data breach

Three UK has finally issued an official statement acknowledging the upgrade scam first reported last night, in which "authorised logins" for the company's upgrade system were used to issue new handsets to customers, which were then intercepted.

Advertisement - Article continues below

"Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices," the company said. "We've been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and 8 devices have been illegally obtained through the upgrade activity.

"The investigation is ongoing and we have taken a number of steps to further strengthen our controls."

The company has sought to reassure customers that the upgrade system used to issue the eight devices that were illegally intercepted contains no customer payment, card or bank account information.

Earlier today, the ICO toldIT Proit was aware of the situation and was investigating. The National Crime Agency, meanwhile, made two arrests on Wednesday under the Computer Misuse Act and one on suspicion of attempting to pervert the course of justice that are allegedly in relation to the fraudulent upgrade scheme, although the NCA has not yet confirmed this.

Advertisement - Article continues below
Advertisement - Article continues below

18/11/2016 (08.30am):ICO investigating Three 'data breach'

Three men have reportedly been arrested in relation to a data breach at mobile phone network Three. Two of the men, aged 39 and 35, were arrested by the National Crime Agency in the Greater Manchester area on Wednesday, while the third, aged 48, was arrested in Orpington Kent, according toSky News.

It's understood that the three are suspected of being involved in a scam which saw thieves allegedly take information from Three's upgrade database and use it to issue eight new phones. It is alleged that these phones were then intercepted on their way to the Three customer whose account was used to generate the request.

Although there have been reports that the three were being investigated on suspicion of fraud, Sky News reported that thetwo older men were in fact arrested on suspicion of offences under the Computer Misuse Act, while the younger man was arrested on suspicion of attempting to pervert the course of justice. All three are understood to have been released on bail.

Advertisement - Article continues below

The NCA confirmed the details of the arrests toIT Pro but did not confirm if they were related to the reported Three incident.

The Information Commissioner's Office (ICO), meanwhile, toldIT Pro that it is "aware of the incident and [is] making enquiries".

"The law requires that organisations take appropriate measures to keep people's personal data secure. As the regulator, it's our job to act on behalf of consumers to see whether that's happened," it added.

It so far remains unclear at this point how the data came to be compromised, other than an employee login was used, nor how many Three customers have been affected - although it has been reported elsewhere that around six million accounts have been accessed,IT Pro understands the number to be significantly lower.

IT Procontacted Three for clarification of these points but had not received a response at the time of publication.

17/11/2016:Three mobile network hit by 'data breach'

Advertisement - Article continues below

UK mobile network Three has been hit by what is being reported as a major security breach, with customer information including names and phone numbers allegedly accessed illegally.

Three confirmed late on Thursday night that the breach had taken place, with the data, which was stored in a customer upgrade database, accessed via an employee login.

Although the Telegraph, which was first to break the story, has reported that "the private information of two-thirds of the company's nine million customers could be at risk", IT Pro understands the number affected is in fact much lower and potentially in the dozens, rather than millions.

IT Pro contacted Three for a statement on the reports and confirmation of how many people have potentially been affected but had not received a response at the time of publication.

It is also unclear at this point whether or not the company was hit by external hackers and if any data was actually exfiltrated.

The news comes almost a year to the day after another UK mobile network, TalkTalk, was hit by a massive cyber breach, which affected over 150,000 customers. Earlier this week, a 17-year-old boy admitted to carrying out the attack.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most malware came through HTTPS connections in Q1 2020

25 Jun 2020

Phishing attacks target unsuspecting Wells Fargo customers

24 Jun 2020

Trump administration wants to enhance the security of .gov sites

24 Jun 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020

UK to ban Huawei from 5G networks 'within weeks'

6 Jul 2020