Six million users may be at risk after a legitimate employee login, and password was used to access its customer upgrade database.
The Telegraph UK reports that Three, the UK’s third largest mobile carrier has had a breach and up to six of its nine million customer records are at risk.
Three admitted to the breach only after it received numerous complaints from customers that scam callers were attempting to gain access to their bank accounts. Three said that the data accessed included names, phone numbers, addresses and dates of birth, but added that it did not include financial information. As of writing the affected customers have not been notified by Three.
The Guardian has just reported that police have arrested three men over Three’s data breach. The breach occurred “several weeks ago.”
{loadposition ray}
The fraudsters have used the database of customers eligible for an upgraded handset to arrange for upgraded phones, believed to include iPhone and Samsung handsets, to be sent to eight customers before intercepting them.
A Three spokesman said: "Over the last four weeks Three has seen an increasing level of attempted handset fraud. To date, we have confirmed approximately 400 high-value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity.”
It is unknown if the data has been made available on the dark web for other cyber-crime purposes. Given that scammers have contacted customers that is highly likely.