Three suffers another data breach

Personal data gets exposed to the wrong customers via My3 portal

UK mobile operator Three may have landed itself in hot water again, after a data breach resulted in some customers being presented with the telephone histories and personal details of other users.

When some Three users logged into the My3 account management portal, they found themselves presented with the names, addresses and phone numbers for random strangers, as well as complete, time-stamped records of which numbers these people called and texted.

The company's My3 portal was taken offline for maintenance, which drew ire from customers who were left unable to top up or check their balances.

"We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3," the company said in a statement. "No financial details were viewable during this time and we are investigating the matter."

This incident follows on from an attack earlier this year in which data thieves made off with the personal information of 133,000 users. Security experts have chastised the company for not doing more to secure its systems in the wake of the previous breach.

""In another blow to a seemingly endless battle for companies vs. customers' data, Three has suffered another breach of information," said Smoothwall corporate security specialist David Navin. "Reminiscent of multiple attacks against TalkTalk in a short space of time, Three will have some tough questions to answer, such as why their customer data wasn't consequently watertight and 100% secure."

John Madelin, CEO of security specialist Reliance ASCN also pointed out that while no financial data was exposed, the information that was visible is just as dangerous.

"It's extremely concerning that strangers have been able to see each other's account detail," he said. "Even information such as names, addresses, phone numbers and call histories can be used for criminal activities if in the wrong hands."

"While at the moment this doesn't look like a true security breach, it's clear that Three is struggling to manage basic customer privacy."

Privacy campaign group Big Brother Watch toldIT Prothe latest breach casts doubt over telecom companies' ability to store 12 months of users' web browsing histories, as they will soon be required to under the Investigatory Powers Act.

Research director Daniel Nesbitt said: "Any breach of this kind of personal information has the potential to be very serious.

"In the wrong hands information such as the names, addresses and call histories of customers can be used to paint an intimate picture of a person's life.

"With the Investigatory Powers Act mandating that companies hold onto records of all of their customers internet activity for up to 12 months this threat merely increases. This data has to be kept secure and there must be proper transparency about how the system is working, if it isn't yielding results then it should be scrapped."

Image credit: Three UK

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download

Recommended

Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021
Identity Automation launches credential breach monitoring service
phishing

Identity Automation launches credential breach monitoring service

5 Oct 2021
Neiman Marcus data breach hits 4.6 million customers
data breaches

Neiman Marcus data breach hits 4.6 million customers

4 Oct 2021

Most Popular

Looking beyond the obvious: What’s best for multi-cloud?
Sponsored

Looking beyond the obvious: What’s best for multi-cloud?

8 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021
How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021