As posted on Three finds more customers affected by 2016 data breach
Three has revealed that a customer data breach it caught wind of last November was more extensive than first thought. Using stolen employee logins, ne’er-do-wells gained access to a database used to manage handset upgrades, comprising customer details such as names, addresses, dates of birth, mobile numbers and information about mobile contracts (but no financial data). Initially, just over 130,000 subscribers were said to be affected, but upon further investigation, another 76,373 accounts have now been added to that total. No fraudulent activity has been spotted, but all newly identified customers have been contacted, Three says.
The Three data breach is particularly interesting in that the provider became aware something was amiss only after hundreds of high-value handsets were stolen. Some Three stores were burgled, and eight smartphones were ordered as upgrades by the wrongdoers, who then attempted to intercept packages as they made their way to customer addresses. Three suspects have been arrested, but so far there have been no related convictions. Law enforcement investigations and a probe by the Information Commissioner’s Office are ongoing.