Details of 133,000 Three Customers Stolen by Hackers

Hackers managed to obtain information from 133,000 user accounts after breaching the system used by U.K. telecommunications company Three to identify which customers are eligible for a device upgrade.

The firm revealed last week that there had been an uptick in attempted phone fraud over the past four weeks, including through burglaries at Three stores and intercepted phone upgrades. In eight cases, the company believes phone upgrades were intercepted using information unlawfully obtained from its upgrade system.

According to Three CEO David Dyson, the attackers accessed information from 133,827 customer accounts via “authorized log-ins.” For 107,000 of these customers, the hackers obtained information such as name, billing data, payment type, Three account number, contract details, and handset type.

The other 26,000 people had their name, date of birth, gender, handset type, contract details, phone number, email address, previous address, marital status and employment status exposed. The company has highlighted that bank details, payment information, passwords or PINs are not affected.

“We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently,” Dyson said. “We are contacting all of these customers today to individually confirm what information has been accessed and directly answer any questions they have. As an additional precaution we have put in place increased security for all these customer accounts.”

Authorities announced that three people from Kent and Manchester have been arrested in connection with the data breach. They have all been released on bail.

Three is not the only major U.K. telecoms company to suffer a data breach. In October 2015, hackers managed to steal the details of nearly 157,000 TalkTalk customers, including personal and, in some cases, financial information.

One year later, the U.K. Information Commissioner’s Office handed TalkTalk a record fine of £400,000 ($510,000) for failing to protect its customers’ personal data.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
