The reported mobile operator Three UK hack put six million customers’ private information at risk after employee login used to access database
The telegraph reported (here) that Three Mobile admitted that hackers have successfully accessed its customer upgrade database after using an employee login. Sources familiar with this Three UK hack told the Telegraph that the private information of two thirds of the company’s nine million customers could be at risk.
“This upgrade system does not include any customer payment, card information or bank account information,” Three spokesman Nicholas Carter told Reuters in an email.
The company, part of CK Hutchison Holdings Ltd, said that over the last four weeks Three has seen an increasing level of attempted handset fraud.
“To date, we have confirmed approximately 400 high-value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity,” Carter said. “This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.”
Three admitted to the breach only after it received numerous complaints from customers that scam callers were attempting to gain access to their bank accounts. Three said that the data accessed included names, phone numbers, addresses and dates of birth, but added that it did not include financial information. As of writing the affected customers have not been notified by Three.
The BBC reported (here) this morning that police have arrested three men in connection with the Three UK hack. On Wednesday, the National Crime Agency arrested a 48-year-old man from Orpington, Kent, and a 39-year old man from Ashton-under-Lyne, Manchester, on suspicion of computer misuse offences as well as a 35-year old man from Moston, Manchester, on suspicion of attempting to pervert the course of justice.
The use of a login to access the Three database marks it out from a hacking attack on Talk Talk, which led to the theft of the personal data of nearly 157,000 customers. Talk Talk was fined £400,000 last month after hackers targeted vulnerable web pages to steal customer information in October last year.