A security breach at UK-based mobile phone carrier Three has led to the compromise of 133,827 customer accounts, said CEO Dave Dyson.
Hackers used an employee login to access Three’s customer upgrade database, which houses data including the “names, phone numbers, addresses and dates of birth” of users.
“I can now confirm that the people carrying out this activity were also able to obtain some customer information. In total, information from 133,827 customer accounts was obtained but no bank details, passwords, pin numbers, payment information or credit/debit card information are stored on the upgrade system in question,” said Dyson in a statement acknowledging the incident.
According to Dyson, the primary purpose of the hack was not to steal customer information, but was targeted towards the fraudulent acquisition of new high-end smartphones from Three.
On 17th November, the company was able to confirm that eight customers had been unlawfully upgraded to a new device by fraudsters who intended to intercept and sell the devices, said Dyson.
“Once we became aware of the suspicious activity, we took immediate steps to block it and add additional layers of security to the system while we investigated the issue,” Dyson said.
Three is working closely with law enforcement agencies on this matter and three arrests have been made, added Dyson.