Three UK, one of Britain’s largest mobile networks, has admitted that a cyber-security breach has compromised the private data of its customers. Hackers used an employee login to access Three’s customer upgrade database, which houses data including the “names, phone numbers, addresses and dates of birth,” of an estimated six million users.
Three confirmed the incident on Thursday evening, explaining that the hackers used their access to upgrade customers to new handsets, which they then intercepted, seemingly with the intention of reselling the smartphones elsewhere.
“We’ve been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity,” said a spokesperson for Three. “The investigation is ongoing and we have taken a number of steps to further strengthen our controls.”
Three men have been arrested in connection with the incident and have since been released on bail pending further enquiries.
Three UK hasn’t disclosed who of its 9 million customers have been affected by the breach, but confirmed that the private data accessed did not include financial details.