Three Mobile cyber-attack: Part 2

Next story
Olivia Storey/James Pavett

November 2016 saw Three Mobiles suffer a data breach affecting over 6 million customers.

Three Mobile UK is a popular telecommunications company in the UK, which has been providing network and handsets for the past 13 years.

The company admitted a major cyber security breach back in November 2016, which put millions of customer’s personal details at risk, including information on names, phone numbers, addresses and date of birth.

Although no financial details were compromised, the hackers accessed accounts, upgraded devices and then intercepted the new device when in transit.

Now, almost 6 months later, Three Mobile has said 76,373 more customers have been affected than previously stated. This is after an ongoing fraud investigation, showing a 57% increase on the initial estimates made last year.

Three have stated that it is unknown how long the fraud investigation will continue for, but that they do not expect any more customers to be affected, and that Three Mobile has contacted the additional customers affected.

It is stressed that the personal details stolen could be used elsewhere, to access other accounts and possibly attempt to find financial details. The company advised to be vigilant and cautious about anyone contacting them, and never to give out banking information.

Mark James, ESET IT Security Specialist, offers a professional look at data theft and how to avoid further defrauding if you have already been compromised.

“As always with this type of data breach, the focus seems to be on financial information not being obtained.

 “However, when you look at the actual data that was stolen, names, addresses, dates of birth and methods of payment, the bank details are the easiest to change!

“The type of information we either would not, or could not change is being sold, traded, stored or accessed online by cybercriminals to build a profile of you, the victim.

“It is then reused much later down the line, often to get more information that can be used either for financial gain or identity theft.

“Spam or nuisance calls are usually met with instant dismissal when the terms or greetings are generic or details vague, but when presented with tangible or recognisable snippets of proof it’s much more likely the end user will be successfully duped into giving away something much more valuable.

“Always be vigilant when receiving emails or calls out of the blue, don’t be concerned over checking their validity, if necessary hang up and make a separate call on your mobile to verify details given, if it’s a legit company they won’t penalise you for making sure.


Were you impacted by the Three breach? Let us know on Twitter @ESETUK.


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.