[Original] The UK-based carrier Three announced some new that you may not be happy about this week, revealing that the service witnessed a data breach that resulted in hackers gaining access to the customer database after they gained access to an employee login.
They also attempted to steal high-end smartphones from Three by using the customer upgrades system.
The police have arrested three people as a result and Three gave the following statement about it:
We’re aware of an attempted fraud issue regarding upgrade devices and are working with police and relevant authorities on the matter. The objective was to steal high-end smartphones from Three but we’ve already put measures in place to stop the fraudulent activity.
We’d like to reassure customers that their financial details are not at risk. We are investigating how many customers are affected and will be contacting them as soon as possible. We’ll update with further information once we have this.
Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.
We’ve been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and 8 devices have been illegally obtained through the upgrade activity.
You can also read more about it at the source link below.
[Update] The CEO of Three Dave Dyson just released a statement about the data breach, posting the following statement on their blog:
As you may already know, we recently became aware of suspicious activity on the system we use to upgrade existing customers to new devices and I wanted to update all our customers on what happened and what we have done.
I understand that our customers will be concerned about this issue and I would like to apologise for this and any inconvenience this has caused.
Once we became aware of the suspicious activity, we took immediate steps to block it and add additional layers of security to the system while we investigated the issue.
On 17th November we were able to confirm that 8 customers had been unlawfully upgraded to a new device by fraudsters who intended to intercept and sell on those devices.
I can now confirm that the people carrying out this activity were also able to obtain some customer information. In total, information from 133,827 customer accounts was obtained but no bank details, passwords, pin numbers, payment information or credit/debit card information are stored on the upgrade system in question.
We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently.
We are contacting all of these customers today to individually confirm what information has been accessed and directly answer any questions they have.
As an additional precaution we have put in place increased security for all these customer accounts.
We have been working closely with law enforcement agencies on this matter and three arrests have been made.
I understand that this will have caused some concern and inconvenience for our customers and for that I sincerely apologise.
Update Source: Three