Three network data breach leaves nine million customers at risk
A data breach at Three has left more than nine million customers at risk due to having their personal data stolen.
The mobile network operator has confirmed that the names and addresses of it's nine million subscribers had been accessed following unauthorised access to their database containing listings for customers who are eligable for upgrades - the network has stated that no payment, bank or card details were accessed during the attack.
On November 14 the network became aware of suspicious activity on their database after the attackers used the system to order upgraded mobiles in a malicious attack that affected eight of Three's subscribers.
The network immediately notified the relevant authorities and began to work on intercepting the attack. The National Crime Agency confirmed it had arrested a 39-year-old male from Ashton-Under-Lyne, Manchester and a 48-year-old man from Orpington, Kent on suspicion of computer misuse offences. A third man from Moston, Manchester has also been arrested on suspicion of attempting to pervert the course of justice.
Three is currently investigating the method in which the database was accessed and has increased its security as a result.
A Three spokesperson confirmed that 400 handsets, which include iPhone and Samsung Galaxy devices, had also been stolen from retail stores in separate incidents - these device have now been retrieved.
The spolesperson commented on the attack saying, "To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity. In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system."