According to a report by The Telegraph, telecom carrier Three Mobile has suffered a breach in its UK systems, with its sources saying roughly 6 million customers’ personal data could be at risk. The company noted that the attackers used an employee login to gain entry into its database of customers eligible for a phone upgrade. It hasn’t yet confirmed how many users’ data was stolen or informed affected customers.
The data in question includes people’s names, phone numbers, addresses and dates of birth; leaving out their financial information, which Three Mobile says “there could’ve been no way to access.”
The National Crime Agency (NCA) said it had arrested three persons – two men from Manchester and one man from Kent – in the course of its investigation into the matter. All three have since been released on bail as further enquiries take place. Three Mobiles said that the hackers had been toying with the database to grant customers new phones and it was then that they intercepted the devices, possibly to sell them for a profit. In a statement, the company said,
We’ve been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity.
Earlier this month, Philip Hammond, the Chancellor, had said that companies have a duty to protect their customers against cyber crime following a series of high-profile breaches. Speaking to an audience in London, he said,
Trust in the internet and the infrastructure on which it relies is fundamental to our economic future. Because without that trust in, faith in the whole digital edifice will fall away.
The investigation is currently ongoing, and a number of steps have already been taken to further strengthen Three Mobile’s data controls.
This is by no measure the first time a British mobile carrier has been attacked. In October 2015, TalkTalk had its systems breached by a teenager, who stole 95,000 users’ data. The attack resulted in a loss of 150,000 customers for the company, the total cost of which added up to £60 million in losses.
Three Mobile has been contacted for further comment, and while the company remains to be heard from, the details of this data breach will be closely followed.