Hackers have accessed a database of customer information belonging to one of the UK’s biggest mobile carriers, Three. According to a report from The Telegraph, the company said the database included names, phone numbers, addresses, and dates of birth, but no financial information. Three said that their internal systems were accessed using an employee login — rather than exploiting a fault in the software.
Over the past four weeks, Three says it has experienced “an increasing level of attempted handset fraud.” This has included more burglaries targeting the company’s retail stores, and criminals using customer data to request, and then intercept, new handsets issued as part of Three’s mobile subscriptions.
“Eight devices have been illegally obtained through the upgrade activity.”
“To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity,” said a company spokesperson. “The investigation is ongoing and we have taken a number of steps to further strengthen our controls. In order to commit this type of upgrade handset fraud, the perpetrators used authorized logins to Three’s upgrade system. This upgrade system does not include any customer payment, card information or bank account information.”