Computer hackers have broken into a database of Three Mobile customers and accessed their personal details in order to steal smartphones, the UK network said on Thursday.
A spokesman for the company said there had been an uptick in attempted phone fraud over the past four weeks, both through burglaries of Three retail stores and intercepting customer phone upgrades.
“In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system.
“This upgrade system does not include any customer payment, card information or bank account information,” the spokesman said.
A probe is currently underway to determine how many more of the company’s nine million customers have had their data breached, while the eight known clients have been contacted by Three.
A source close to the matter was quoted by The Telegraph as saying the private information of two thirds of Three customers could be at risk.
“The investigation is ongoing and we have taken a number of steps to further strengthen our controls,” said the company spokesman.
Three people were arrested on Wednesday in connection to the fraud and have since been bailed.
A 48-year-old man from Kent, south-east England, and a 39-year-old man from Manchester, north-west England, were arrested on suspicions of computer misuse offences.
A 35-year-old man also from Manchester was arrested on suspicion of attempting to pervert the course of justice.
Related: TalkTalk Handed Record Fine for Data Breach
Related: Information Commissioner Talks Privacy Laws in Post-Brexit UK