Millions of customer records have been allegedly exposed online in a Three Mobile major data breach. “The private information of two thirds of the company’s nine million customers could be at risk,” according to The Telegraph.
The British telecom company was supposedly hacked by three criminals who gained access to addresses, phone numbers, names and dates of birth. Data such as bank card numbers and accounts were not stored on the system, the company says. The hack was confirmed on Thursday, but Three Mobile made no further comments regarding stolen customer data or the exact number of customers affected.
The hackers used employees’ login credentials to access the handset upgrade database to order and steal new handsets. They also ordered new phones and intercepted the handsets. Three men have been arrested as the masterminds behind the attack, two from Manchester and one from Kent.
“To date, we have confirmed approximately 400 high-value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity,” a company spokesperson said. “The investigation is ongoing and we have taken a number of steps to further strengthen our controls. In order to commit this type of upgrade handset fraud, the perpetrators used authorized logins to Three’s upgrade system. This upgrade system does not include any customer payment, card information or bank account information.”
Although the company says its customers’ financial information hasn’t been exposed, hackers could have still contacted the victims and used the other data to get more private details. Customers are advised to not give out any personal information via phone, as the callers may be impersonating the mobile carrier.