The UK's fourth largest mobile operator, Three UK, has today admitted that it has lost up to 6 million user records as part of a recent hack.
The information is said to have been taken from a customer upgrade database, with staff credentials having been used to extract data said to include names, phone numbers, addresses, and dates of birth. However, Three UK has claimed that no financial information was taken.
Officially speaking, the company confirmed the hack but declined to state how many customers are affected, though sources close to the matter have said that "about two thirds" of Three's 9 million customers are at risk.
It is understood that the matter came to light after a spike in fraudulent activity in relation to handset upgrades, with leaked customer details having been used by fraudsters to upgrade devices of compromised accounts, then intercepting the delivery of the handsets.
A spokesperson for Three made the following statements:
"Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.
To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity.
In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system.
This upgrade system does not include any customer payment, card information or bank account information."
Three men have since been arrested; two on suspicion of computer misuse offenses, with the third arrested on suspicion of perverting the course of justice.
A National Crime Agency spokesperson gave the following statement:
"On Wednesday 16 November 2016, officers from the National Crime Agency arrested a 48-year old man from Orpington, Kent and a 39-year old man from Ashton-under-Lyne, Manchester on suspicion of computer misuse offences, and a 35-year old man from Moston, Manchester on suspicion of attempting to pervert the course of justice."
Three UK has not yet informed affected customers of the breach.
Source: The Telegraph