Three suffers another data breach

Personal data gets exposed to the wrong customers via My3 portal

UK mobile operator Three may have landed itself in hot water again, after a data breach resulted in some customers being presented with the telephone histories and personal details of other users.

When some Three users logged into the My3 account management portal, they found themselves presented with the names, addresses and phone numbers for random strangers, as well as complete, time-stamped records of which numbers these people called and texted.

The company's My3 portal was taken offline for maintenance, which drew ire from customers who were left unable to top up or check their balances.

"We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3," the company said in a statement. "No financial details were viewable during this time and we are investigating the matter."

This incident follows on from an attack earlier this year in which data thieves made off with the personal information of 133,000 users. Security experts have chastised the company for not doing more to secure its systems in the wake of the previous breach.

""In another blow to a seemingly endless battle for companies vs. customers' data, Three has suffered another breach of information," said Smoothwall corporate security specialist David Navin. "Reminiscent of multiple attacks against TalkTalk in a short space of time, Three will have some tough questions to answer, such as why their customer data wasn't consequently watertight and 100% secure."

John Madelin, CEO of security specialist Reliance ASCN also pointed out that while no financial data was exposed, the information that was visible is just as dangerous.

"It's extremely concerning that strangers have been able to see each other's account detail," he said. "Even information such as names, addresses, phone numbers and call histories can be used for criminal activities if in the wrong hands."

"While at the moment this doesn't look like a true security breach, it's clear that Three is struggling to manage basic customer privacy."

Privacy campaign group Big Brother Watch toldIT Prothe latest breach casts doubt over telecom companies' ability to store 12 months of users' web browsing histories, as they will soon be required to under the Investigatory Powers Act.

Research director Daniel Nesbitt said: "Any breach of this kind of personal information has the potential to be very serious.

"In the wrong hands information such as the names, addresses and call histories of customers can be used to paint an intimate picture of a person's life.

"With the Investigatory Powers Act mandating that companies hold onto records of all of their customers internet activity for up to 12 months this threat merely increases. This data has to be kept secure and there must be proper transparency about how the system is working, if it isn't yielding results then it should be scrapped."

Image credit: Three UK

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Unilever adopts Google Cloud’s complex data processing for deforestation drive
big data analytics

Unilever adopts Google Cloud’s complex data processing for deforestation drive

22 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020