A spokesperson for Three said: "We are aware of a small number of customers who may have been able to view the mobile account details of other three users using My3. No financial details were viewable during this time and we are investigating the matter." For those affected, it represents a breach of their personal information. Mark Tommo Thompson discovered his involvement after he was called by a stranger who discovered they had access to his details. Posting on Three's Facebook page, he described it as a "shocking breach of data privacy," and demanded to know how many other people were able to view this information.
The system snafu follows an equally embarrassing data breach affecting 130,000 Three customers last year. Thieves used a stolen employee login to access basic account details, but no financial information, such as bank details, passwords, pin numbers, or credit and debit card numbers. Three men were arrested after they tried to use this information to obtain smartphones through the company's standard upgrade system. At the time, Three CEO David Dyson said in a statement: "We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently." The company has contacted everyone who might be affected, and the legal case is still ongoing.