Hackers compromised Three’s upgrade database – putting the personal information of its nine million customers at risk.
Three Mobile is the latest big firm to be hit with a major cyber attack, joining the likes of TalkTalk and Tesco Bank in an ever growing list of breached companies.
Three Mobile, one of the UK’s biggest mobile phone companies, has admitted that hackers used an employee login to access its customer upgrade database. According to sources cited by the Telegraph, the private information of two thirds of Three Mobile’s nine million customers could be at risk.
As investigations continue, CBR looks at what we the vital questions yet to be answered by Three Mobile.
What was taken?
The major telco has not yet disclosed if customer’s data was stolen or how many customers could be affected. Three has confirmed that names, phone numbers, addresses and date of births have been accessed, but was quick to assure that no financial information had been accessed.
When was the hack?
Three was alerted to a potential attack after receiving complaints from customers who said that scam callers were trying to access their bank accounts. Three said in a statement:
“Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.”
Why and how was Three hacked?
It seems that the hackers were committing a type of handset fraud – accessing customer accounts, upgrading handsets and plans, then intercepting new handsets. The hack into Three’s extensive upgrade database may be isolated to handset fraud, or the hackers may look to monetise the data.
“In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system,” said a Three spokesperson.
“This upgrade system does not include any customer payment, card information or bank account information.”
Are the police involved?
The National Crime Agency is investigating the breach, alongside investigations by the police and Three. The major telco said saying:
“We’ve been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity.
“The investigation is on-going and we have taken a number of steps to further strengthen our controls.”
Have the hackers been identified?
It does seem that arrests have been made in connection with the breach. A spokesperson for the NCA said:
“On Wednesday 16 November 2016, officers from the National Crime Agency arrested a 48-year old man from Orpington, Kent and a 39-year old man from Ashton-under-Lyne, Manchester on suspicion of computer misuse offences, and a 35-year old man from Moston, Manchester on suspicion of attempting to pervert the course of justice.
“All three have since been released on bail pending further enquiries. As investigations are on-going no further information will be provided at this time”.
What will the repercussions be?
If we look at what happened to TalkTalk following its mega data breach, Three Mobile should expect fines and a customer exodus. TalkTalk lost 95,000 subscribers following the hack, with the bill of the breach standing at around $60 million.