Three suffers another data breach

Personal data gets exposed to the wrong customers via My3 portal

UK mobile operator Three may have landed itself in hot water again, after a data breach resulted in some customers being presented with the telephone histories and personal details of other users.

When some Three users logged into the My3 account management portal, they found themselves presented with the names, addresses and phone numbers for random strangers, as well as complete, time-stamped records of which numbers these people called and texted.

Advertisement - Article continues below

The company's My3 portal was taken offline for maintenance, which drew ire from customers who were left unable to top up or check their balances.

"We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3," the company said in a statement. "No financial details were viewable during this time and we are investigating the matter."

This incident follows on from an attack earlier this year in which data thieves made off with the personal information of 133,000 users. Security experts have chastised the company for not doing more to secure its systems in the wake of the previous breach.

""In another blow to a seemingly endless battle for companies vs. customers' data, Three has suffered another breach of information," said Smoothwall corporate security specialist David Navin. "Reminiscent of multiple attacks against TalkTalk in a short space of time, Three will have some tough questions to answer, such as why their customer data wasn't consequently watertight and 100% secure."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

John Madelin, CEO of security specialist Reliance ASCN also pointed out that while no financial data was exposed, the information that was visible is just as dangerous.

"It's extremely concerning that strangers have been able to see each other's account detail," he said. "Even information such as names, addresses, phone numbers and call histories can be used for criminal activities if in the wrong hands."

"While at the moment this doesn't look like a true security breach, it's clear that Three is struggling to manage basic customer privacy."

Privacy campaign group Big Brother Watch toldIT Prothe latest breach casts doubt over telecom companies' ability to store 12 months of users' web browsing histories, as they will soon be required to under the Investigatory Powers Act.

Research director Daniel Nesbitt said: "Any breach of this kind of personal information has the potential to be very serious.

"In the wrong hands information such as the names, addresses and call histories of customers can be used to paint an intimate picture of a person's life.

Advertisement - Article continues below

"With the Investigatory Powers Act mandating that companies hold onto records of all of their customers internet activity for up to 12 months this threat merely increases. This data has to be kept secure and there must be proper transparency about how the system is working, if it isn't yielding results then it should be scrapped."

Image credit: Three UK

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/server-storage/servers/356083/the-best-server-solution-for-your-smb
Sponsored

The best server solution for your SMB

26 Jun 2020