View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 18, 2016updated 30 Nov 2016 5:18pm

Three Mobile Hack – 6 vital questions about the major data breach answered

Hackers compromised Three's upgrade database - putting the personal information of its nine million customers at risk.

By Ellie Burns

Three Mobile is the latest big firm to be hit with a major cyber attack, joining the likes of TalkTalk and Tesco Bank in an ever growing list of breached companies.

Three Mobile, one of the UK’s biggest mobile phone companies, has admitted that hackers used an employee login to access its customer upgrade database.  According to sources cited by the Telegraph, the private information of two thirds of Three Mobile’s nine million customers could be at risk.

As investigations continue, CBR looks at what we the vital questions yet to be answered by Three Mobile.


What was taken?

The major telco has not yet disclosed if customer’s data was stolen or how many customers could be affected. Three has confirmed that names, phone numbers, addresses and date of births have been accessed, but was quick to assure that no financial information had been accessed.


When was the hack?

Three was alerted to a potential attack after receiving complaints from customers who said that scam callers were trying to access their bank accounts. Three said in a statement:

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.”


Three Mobile hack

Why and how was Three hacked?

It seems that the hackers were committing a type of handset fraud – accessing customer accounts, upgrading handsets and plans, then intercepting new handsets. The hack into Three’s extensive upgrade database may be isolated to handset fraud, or the hackers may look to monetise the data.

“In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system,” said a Three spokesperson.

“This upgrade system does not include any customer payment, card information or bank account information.”


Are the police involved?

The National Crime Agency is investigating the breach, alongside investigations by the police and Three. The major telco said saying:

“We’ve been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity.

“The investigation is on-going and we have taken a number of steps to further strengthen our controls.”


Have the hackers been identified?

It does seem that arrests have been made in connection with the breach. A spokesperson for the NCA said:

“On Wednesday 16 November 2016, officers from the National Crime Agency arrested a 48-year old man from Orpington, Kent and a 39-year old man from Ashton-under-Lyne, Manchester on suspicion of computer misuse offences, and a 35-year old man from Moston, Manchester on suspicion of attempting to pervert the course of justice.

“All three have since been released on bail pending further enquiries. As investigations are on-going no further information will be provided at this time”.


What will the repercussions be?

If we look at what happened to TalkTalk following its mega data breach, Three Mobile should expect fines and a customer exodus. TalkTalk lost 95,000 subscribers following the hack, with the bill of the breach standing at around $60 million.


Also on CBR: Tesco Bank Hack: 20 key facts about Tesco Bank and its IT systems



Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.