Thursday, November 17, 2016

Three UK Suffer Major Data Breach – 6 Million Customers At Risk

Major UK carrier Three which is responsible for 37% of all UK Mobile data has admitted Thursday evening that their customer database was breached using an employee's login. Up to six million of the company's nine million customers could be at risk and that the data accessed included names, phone numbers, addresses and dates of birth, they also stated that no financial information was accessed.

A spokesman for Three told The Telegraph:

"Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices. We've been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity. The investigation is ongoing and we have taken a number of steps to further strengthen our controls. In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three's upgrade system. This upgrade system does not include any customer payment, card information or bank account information."

The company has since said that it has strengthened data security and will be contacting the eight victims of handset fraud. The National Crime Agency has reported that a 35 year old male from Manchester has been arrested on suspicion of attempting to pervert the course of justice, while a 48 year old male from Kent and a 39 year old male from Manchester have been arrested under suspicion of computer misuse offences. All three have since been released on bail pending further investigation.

Any customers that are concerned about their account or data can contact Three by calling 333 from a Three mobile or on 0333 338 1001 from any other phone to enquire if their details were accessed. All customers should pay particular attention to potential phishing attacks, as stolen details can be used to make it appear as though an email or phone call is from a business such as a bank that you would normally trust. It is also advisable to change the online password for your Three account and any other website or service that uses the same password.

The legal repercussions of this breach are still unclear however, it is possible that the Information Commissioner's Office will give Three a fine of up to £500,000. The largest fine issued by the ICO so far has been £400,000 to ISP TalkTalk after a data breach affecting 157,000 customers.

This article will continue to be updated as we learn more



from xda-developers http://ift.tt/2fBJGoy
via IFTTT

No comments:

Post a Comment