Three admits a further 76,000 customers hacked

In the latest attempt to quantify the extent of the Three hack last November, the mobile operator now reports the number of customers whose details were breached stands at 210,000.

In November, Three revealed that hackers used an employee’s login credentials to gain entry into a database of customers who were eligible for a phone upgrade. Customers’ addresses, dates of birth, email addresses and telephone numbers were among the personal details that were compromised.

Three initially claimed that 133,827 customers’ details had been accessed, but it now reveals that as part of the investigation, law enforcement discovered a further 76,373 accounts that were compromised. The revised figure is still significantly lower than the estimated 6 million that was first reported by the Telegraph.

The scheme

Despite the fact that no financial information, bank details, passwords or PINs were obtained, criminals were still able to monetise the stolen information.

In a convoluted scheme that resorted to burglary and robbery, criminals used customers’ details to order new devices, then they either intercepted the phones en route to the customers or burgled the stores the phones had been shipped to.

Approximately 400 high-value handsets were stolen in burglaries, and 8 were intercepted while in transit.

In November, police arrested three people in connection with the plot. All three were released on bail. A spokesperson for the National Crime Agency (NCA) said: “As investigations are ongoing, no further information will be provided at this time”.

Further information

Last week, four months are the breach was first reported, Three announced that the NCA’s investigation had led to the discovery of the additional 76,373 records.

Once Three was able to identify the affected customers, it contacted them and publicly disclosed the new information. It confirmed that, as with the initial disclosure, these latest records did not contain any financial information.

Three believes that this is now the full extent of the breach.

Subscribe to the Daily Sentinel for updates on this story and all the latest cyber security news.