Six million Three Mobile users could be at risk in UK data breach
Share on Facebook
Share on Twitter
Share on Google+
Share on Reddit
Share on Email

Pedestrians walk past an O2 mobile phone store, operated by Telefonica SA, left, and a Three mobile phone store, operated by Hutchison Whampoa Ltd., in Basildon, U.K., on Thursday, March 26, 2015. Photo credit: Chris Ratcliffe/Bloomberg via Getty Images Israel

Pedestrians walk past an O2 mobile phone store, operated by Telefonica SA, left, and a Three mobile phone store, operated by Hutchison Whampoa Ltd., in Basildon, U.K., on Thursday, March 26, 2015. Photo credit: Chris Ratcliffe/Bloomberg via Getty Images Israel

The hackers used the data to order new phones for themselves to resell

The Telegraph reports that up to 6 million wireless customers of Three Mobile have had their personal information compromised by hackers. The data includes phone numbers, birth dates, full names, and people’s home addresses.

Mining the data, they used their access to order phone upgrades in eligible customers’ names and then take delivery of the devices themselves, probably to resell them at a profit. Manchester Evening News says that at least 400 devices were stolen from stores using falsified identifications, and at least 8 devices were intercepted going past the post. Three men have since been arrested for their alleged involvement.

“In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system,” the company said in a statement to press. It is not clear if they obtained valid access by going after an employee with malware, or if there was some sort of inside connection that enabled their efforts. The company says it is investigating and has not provided any more details at this time.

Three Mobile accounts for about 10% of the wireless market share in the UK, but the customers who’ve been affected  at least two-thirds of the company’s entire subscriber base — have not yet been notified if they were among those breached.

Subscribers wanting more information are advised to call 333, the information hotline number for UK network customers. Some emails and pin numbers for the devices were also apparently compromised, so changing your login might be a good idea. Depending on what else the hackers do with the data, they could sell it to spammers or other parties.

Three may suffer financially for this, and not just due to angry customers. British regulators recently fined the ISP provider TalkTalk for failing to secure its customers’ data properly, as last year nearly 157,000 customers had their information compromised when an SQL injector breached an old consumer database. And it follows a recent breach at Tesco Bank that affected 40,000 accounts.

Fortunately, for now it seems no financial data was present in the Three database. That said, some emails and pin numbers for devices were, so changing your login might be a good idea. Depending on what else the hackers do with the data, they could sell it to spammers or other parties, and with the personal details on hand, financial fraud is doable. Phishing scams could very well proliferate using this data.

Share on:Share
Share on Facebook
Share on Twitter
Share on Google+
Share on Reddit
Share on Email

More Goodies From Mobile


The most popular app trends of 2017

Top 10 Kansas City startups spread across two states

Security is sacred: CIA, WikiLeaks, and what we can do about it