Three caught up in another embarassing data breach

Some customers are seeing other people's information when they log in to their account.

Bloomberg via Getty Images

A technical issue has given some Three customers access to another person's account information, including their name, address, phone number and call history. The scale of the problem isn't clear, but it's likely to be small. Three says it's received "less than 20" reports so far from customers, and is now investigating the matter. As the Guardian reports, the mistake has allowed a number of Three customers to view other people's personal information after logging in to their account online.

A spokesperson for Three said: "We are aware of a small number of customers who may have been able to view the mobile account details of other three users using My3. No financial details were viewable during this time and we are investigating the matter." For those affected, it represents a breach of their personal information. Mark Tommo Thompson discovered his involvement after he was called by a stranger who discovered they had access to his details. Posting on Three's Facebook page, he described it as a "shocking breach of data privacy," and demanded to know how many other people were able to view this information.

The system snafu follows an equally embarrassing data breach affecting 130,000 Three customers last year. Thieves used a stolen employee login to access basic account details, but no financial information, such as bank details, passwords, pin numbers, or credit and debit card numbers. Three men were arrested after they tried to use this information to obtain smartphones through the company's standard upgrade system. At the time, Three CEO David Dyson said in a statement: "We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently." The company has contacted everyone who might be affected, and the legal case is still ongoing.