Categories: CyberCrimeSecurity

New Three Data Breach Exposes Mobile Customer Account Details To Total Strangers

Three has suffered a new data breach after an apparent technical glitch saw customers presented with the account details of other subscribers.

Those affected could apparently access the bills, call logs and phone numbers of other people using the My3 mobile application.

One customer was made aware of the incident after someone else who had access to his account phoned them.

Tales in tech history: Three’s entry into the UK mobile market

Three data breach

“Care to explain just how my details have been shared, how many people have had access to my personal information, for how long, and how many of your other customers have had their details leaked by yourselves to other members of the public as well?” Mark Thompson said on Three’s official Facebook page. “I find this a shocking breach of data privacy.”

He detailed his communications with Three customer support and said he had informed both the tech and fraud teams at the Hutchison-owned operator. Others on Facebook and Twitter said they were also affected, while other complained Three’s online services and applications were down – presumably while the glitch is investigated.

At the time of writing, Silicon was unable to access several services on the My3 app.

“We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3,” a spokesperson told The Guardian. “No financial details were viewable during this time and we are investigating the matter.”

The Information Commissioner’s Office (ICO) has confirmed it will look into the incident.

“We will be looking into this potential incident involving Three,” a spokesperson told Silicon. “Data protection law requires organisations to keep any personal information they hold secure. As the regulator, it’s our job to act on behalf of consumers to see whether that’s happened and take appropriate action if it has not.

“If people are concerned their details may have been used, there are measures they can take to guard against identity theft, for instance being vigilant around items on their credit card statements or checking your credit ratings.”

The incident further damages Three’s reputation for cybersecurity. In November, it was eported that criminals had gained acces to Three’s customer database, which includes names, addresses, dates and births of those eligible for smartphone upgrades.

It also evokes memories of an even worse breach at online PC game marketplace Steam on Christmas Day 2015 as on this occasion, even card details were leaked.

Quiz: What do you know about Internet security?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Apple Orders Staff Back To Office, Three Days A Week

Memo from Tim Cook tells Apple staff in the Bay area, that from next month,…

1 hour ago

Silicon UK In Focus Podcast: Configuring Security

Do businesses need a radical change in how they approach access security? Does a shift…

2 hours ago

New US Export Controls Target China Semiconductor Firms

US introduces export controls on design software and substrate materials to block Chinese companies from…

1 day ago

US Judge Approves Apple Settlement In Retail Class Action Lawsuit

US federal judge approves settlement offered by Apple in nearly decade-old case over compensation for…

1 day ago

Ola Plans Premium Electric Car For Indian Market

SoftBank-backed ride-hailing firm Ola Electric announces range of electric cars starting in 2024 following success…

1 day ago

Faraday Future Raises Fresh Backing For Electric SUV Debut

Electric car start-up Faraday Future looks to raise up to $600m in new funds as…

1 day ago