Three suffers another data breach

Personal data gets exposed to the wrong customers via My3 portal

UK mobile operator Three may have landed itself in hot water again, after a data breach resulted in some customers being presented with the telephone histories and personal details of other users.

When some Three users logged into the My3 account management portal, they found themselves presented with the names, addresses and phone numbers for random strangers, as well as complete, time-stamped records of which numbers these people called and texted.


The company's My3 portal was taken offline for maintenance, which drew ire from customers who were left unable to top up or check their balances.

"We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3," the company said in a statement. "No financial details were viewable during this time and we are investigating the matter."

This incident follows on from an attack earlier this year in which data thieves made off with the personal information of 133,000 users. Security experts have chastised the company for not doing more to secure its systems in the wake of the previous breach.

""In another blow to a seemingly endless battle for companies vs. customers' data, Three has suffered another breach of information," said Smoothwall corporate security specialist David Navin. "Reminiscent of multiple attacks against TalkTalk in a short space of time, Three will have some tough questions to answer, such as why their customer data wasn't consequently watertight and 100% secure."


John Madelin, CEO of security specialist Reliance ASCN, also pointed out that while no financial data was exposed, the information that was visible is just as dangerous.

"It's extremely concerning that strangers have been able to see each other's account detail," he said. "Even information such as names, addresses, phone numbers and call histories can be used for criminal activities if in the wrong hands."

"While at the moment this doesn't look like a true security breach, it's clear that Three is struggling to manage basic customer privacy."

Privacy campaign group Big Brother Watch told IT Pro the latest breach casts doubt over telecom companies' ability to store 12 months of users' web browsing histories, as they will soon be required to under the Investigatory Powers Act.

Research director Daniel Nesbitt said: "Any breach of this kind of personal information has the potential to be very serious.

"In the wrong hands information such as the names, addresses and call histories of customers can be used to paint an intimate picture of a person's life.


"With the Investigatory Powers Act mandating that companies hold onto records of all of their customers' internet activity for up to 12 months, this threat merely increases. This data has to be kept secure and there must be proper transparency about how the system is working; if it isn't yielding results, then it should be scrapped."

Image credit: Three UK
