A major security breach at the UK’s Three Mobile has potentially exposed the data of up to six million customers, a source told The Telegraph. Three suspected hackers, who reportedly used an employee login to access its database, have been arrested.
Three Mobile, one of the UK’s largest network providers, admitted on Thursday evening that hackers had managed to gain access to its customer upgrade database by using an employee login.
“In order to commit this type of upgrade handset fraud, the perpetrators used authorized logins to Three’s upgrade system,” a Three spokesperson said, adding that the data accessed included the names, phone numbers, addresses, and dates of birth of the company’s customers, but no financial information.
The hackers managed to gain access to customer accounts and upgrade them. They then intercepted the newly ordered phones, presumably in order to sell them.
“Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices,” the Three spokesperson said, noting that the company has confirmed eight cases of phones being illegally obtained through the upgrade so far.
The issue was only discovered after Three received complaints from customers who claimed that scam callers were attempting to gain access to their accounts.
The mobile network provider declined to say whether its customers’ data had been stolen or how many people had been affected. However, a source familiar with the case told The Telegraph that up to six million people – two-thirds of the company’s customers – could have had their data compromised.
The customers whose accounts may have been accessed have not yet been informed.
The data breach is being investigated by the National Crime Agency, which said that three people have been arrested in connection with the hack – two for computer misuse and one for perverting the course of justice.
“All three have since been released on bail pending further enquiries. As investigations are on-going, no further information will be provided at this time,” a spokesperson for the National Crime Agency said.
Founded in 2003, Three carries over 37 percent of the country’s phone data and employs more than 4,000 people across Britain.
The hack follows a breach at British telecommunications company TalkTalk in October of 2015, when hackers stole the details of more than 150,000 customers, including those for the bank accounts of around 15,000 people.