Three has announced that criminals used employee logins to access its phone upgrade system. They used this access to steal phones that were supposed to be sent as upgrades to customers, and personal information from more than 133,000 thousand accounts was compromised in the process.
According to an official statement by Three’s CEO, David Dyson, 133,827 customer accounts were compromised. He also revealed that the following information about those accounts may have been leaked:
“Our investigation of the upgrade system shows that for 107,102 customers, the following information could have been obtained:
Whether they are a handset or SIM only customer, contract start and end date, handset type, Three account number, how long they’ve been with Three, whether the bill is paid by cash or card, billing date and name.
For a further 26,725 customers the following information could have been obtained:
Name, address, date of birth, gender, handset type, contract start and end date, whether they are a handset or SIM only customer, telephone number, email address, previous address, marital status, employment status, Three account number and phone number and how long they’ve been with Three. “
Dyson noted that no bank details, passwords, pin numbers, payment information, or credit-slash-debit card information are stored on the upgrade system in question, so the criminals never had access to it. Three’s CEO also believes that their main intention may not have been to simply steal information, but to use that information to fraudulently acquire high-end smartphones.
The company has noticed a wave of thefts in the past month that it thinks may be connected to the unauthorised access. So far, 400 high-end smartphones have been stolen in multiple burglaries. Three has also noticed that eight devices have been illegally obtained through the upgrade activity.
The company has been collaborating with the police, and it looks like three suspects have already been arrested. Dyson added that all of the affected customers will be contacted and that security will be increased for their accounts.