A data breach targeting prominent UK mobile network provider Three Networks sees a total of 133,827 customer accounts compromised, the company has confirmed.
The mobile network provider has confirmed that no banking information has been obtained by the attackers, while admitting that over 133,000 customer accounts were accessed in total.
Out of that number, 107,102 customers’ information including handset or SIM-only customers, contract start and end dates, the account number and period as a customer with Three, billing dates and names could all be revealed.
Furthermore, some 26,725 customers’ information that was accessed could include personal details such as name, address, date of birth, gender, handset type, contract start and end dates, telephone numbers, email addresses, marital and employment status, previous address as well as the customers’ phone number.
A National Crime Agency investigation has so far seen three men arrested who have alleged ties to the breach.
In a public message to customers, Three CEO Dave Dyson has moved to assure customers that no bank information was accessed, along with an apology.
He also sought to provide answers for the reason behind the breach, stating:
We believe that the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently.
I understand that this will have caused some concern and convenience for our customers and for that, I sincerely apologize.
The company is now reaching out to all affected customers to let them know what details of theirs could be compromised.
“For the avoidance of doubt, no financial information, bank details, payment information, passwords or pin numbers were viewed or obtained,” Dyson added.
The breach, which occurred late last week, saw attackers fraudulently use the company’s phone upgrade system in an attempt to steal handsets. The three accused are now out on bail and Three has added that it is continuing to work with law enforcement agencies.
Image credit: Wikimedia.