Latest in Culture

Image credit: Matthew Lloyd/Bloomberg via Getty Images

Three UK breach puts millions of customers at risk

Attackers accessed a customer upgrade database using a stolen employee login.
Matt Brian, @m4tt
11.17.16 in Security
461 Shares
Share
Tweet
Share
Save
Matthew Lloyd/Bloomberg via Getty Images

Sponsored Links

If you thought the last 12 months was pretty bad for data breaches, Three UK has some more concerning news. The company has confirmed that attackers successfully managed to access a database of 9 million customers using a stolen employee login, according to The Telegraph. The National Crime Agency says three men have been arrested but investigators are still piecing together who has been affected.

Telegraph sources believe that as many as six million records may have been accessed, which are thought to contain names, phone numbers, addresses and dates of birth. Three says no financial information has been stolen.

A spokesman for Three said: "Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices."

"We've been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity."

"The investigation is ongoing and we have taken a number of steps to further strengthen our controls. In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three's upgrade system. This upgrade system does not include any customer payment, card information or bank account information."

News of the attack comes after the high-profile hack of TalkTalk in October 2015. which saw almost 160,000 customers have their details stolen. The quad-play provider was fined £400,000 for not properly safeguarding customer information and has spent the past 12 months trying to stop customers jumping ship. Earlier this week, a 17-year-old boy pleaded guilty to his role in the TalkTalk attack.

The National Crime Agency confirmed the arrests in the following statement: "On Wednesday 16 November 2016, officers from the National Crime Agency arrested a 48-year old man from Orpington, Kent and a 39-year old man from Ashton-under-Lyne, Manchester on suspicion of computer misuse offences, and a 35-year old man from Moston, Manchester on suspicion of attempting to pervert the course of justice."

"All three have since been released on bail pending further enquiries. As investigations are on-going no further information will be provided at this time."

Source: The Telegraph
In this article: culture, hack, mobile, security, three, threeuk
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
461 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Fitbit is reportedly in the early stages of exploring a sale

Fitbit is reportedly in the early stages of exploring a sale

View
Tilta mods Blackmagic's Pocket Cinema Camera with a tilt screen and SSD

Tilta mods Blackmagic's Pocket Cinema Camera with a tilt screen and SSD

View
Three Mile Island's infamous nuclear plant shuts down after 45 years

Three Mile Island's infamous nuclear plant shuts down after 45 years

View
Samsung asks users to be extra careful with the Galaxy Fold

Samsung asks users to be extra careful with the Galaxy Fold

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr