Three Mobile hit by major data breach in UK with 6m records snatched

18 Nov 2016

It is understood that no bank details were accessed in the breach of Three Mobile in the UK. Image: mubus7/Shutterstock

One of the biggest mobile operators in the UK, Three Mobile, has been hit by a major data breach that involves the personal data of some 6m customers.

The mobile operator Three Mobile admitted to a major cybersecurity breach where data was accessed, including names, phone numbers, addresses, birth dates and potentially more.

It is understood that the hackers gained access to Three Mobile’s customer upgrade database after using an employee login.

Future Human

As a result, some two-thirds of Three Mobile’s UK customer base could be at risk.

A spokesperson for the company said that Three Ireland was not affected by the breach.

‘In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system’

The data breach dwarfs the high profile breach of TalkTalk last October, when the private details of 157,000 customers had been hacked. As a result of the breach, TalkTalk was hit with a record £400,000 fine.

It is understood that the attack on Three Mobile came to light when complaints were received from customers, pointing to scam callers attempting to gain access to their bank accounts.

The breach of Three Mobile comes 16 months from the arrival of the new General Data Protection Regulation (GDPR) which can fine businesses up to 4pc of their annual revenue.

It also comes on the heels of a major data breach at Tesco Bank. According to a BT Ireland study, had the breach occurred in the future when the GDPR was in force, Tesco could have been fined up to €1.8bn.

The latest breach of Three Mobile is now being investigated by the National Crime Agency and three people have been arrested – two for computer misuse and one for perverting the course of justice.

Handset fraud

According to a statement issued by Three in the UK: “Over the last four weeks, Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.

“We’ve been working closely with the police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries, and eight devices have been illegally obtained through the upgrade activity.

“The investigation is ongoing and we have taken a number of steps to further strengthen our controls.

“In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system.

“This upgrade system does not include any customer payment, card information or bank account information,” Three Mobile added.

Three Mobile store. Image: mubus7/Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years