Three Mobile hack puts privacy of six million customers at risk

Three Mobile has revealed that a recent cyber attack has rendered over six million customer accounts vulnerable to fraud and privacy breach.

Three Mobile says hackers gained access to customer upgrade database using an employee login to access secure information.

The startling revelation was made by Three on Thursday evening and the company said that even though hackers may have accessed confidential data like names, addresses, phone numbers and date of births, financial information of customers are still secure. Out of the network's nine million customers, a total of six million, or two-thirds of them, are said to be affected by the hack.

It's not them, it's you! Human error causes more data breaches

"Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices. We’ve been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity," said Three Mobile in a press statement.

"The investigation is ongoing and we have taken a number of steps to further strengthen our controls. In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system. This upgrade system does not include any customer payment, card information or bank account information," it added.

Even though hackers can't gain access to financial information of customers, they may still be able to sell other pieces of customers' confidential information to criminals and in the dark market. At the same time, they may use the customer upgrade database to upgrade to premium handsets automatically and intercept them before they reach customers. Three Mobile is working with the police and other law enforcement authorities to ensure the damage caused isn't significant but it will be a few days before we can understand the true impact of the massive data hack. Some headway has, however, been made.

Your phone's end to end encryption isn't as strong as you think it is

"On Wednesday 16 November 2016, officers from the National Crime Agency arrested a 48-year old man from Orpington, Kent and a 39-year old man from Ashton-under-Lyne, Manchester on suspicion of computer misuse offences, and a 35-year old man from Moston, Manchester on suspicion of attempting to pervert the course of justice. All three have since been released on bail pending further enquiries. As investigations are on-going no further information will be provided at this time,” said the National Crime Agency.

Back in June, a report from Egress Software Technologies revealed that over 66 per cent of business sectors saw a rise in data breaches over the last three years. It said that human error stood out for having accounted for over 62 per cent of all data breaches. Other factors like lack of security or hacking accounted for just 9 per cent of all data breaches combined. In Three's case, hackers got their hands on a secure employee login detail to get through the network's database which points to another example of human error in play here.

Mobile Choice has reached out to Three for comment on the issue and we'll let you know once we receive a response from them.

Leave a Comment