Three men have reportedly been arrested in relation to a data breach at mobile-phone network Three. Two of the men, aged 39 and 35, were arrested by the National Crime Agency in the Greater Manchester area on Wednesday, while the third, aged 48, was arrested in Orpington, Kent, according to Sky News.
It is understood that the three are suspected of involvement in a scam that saw thieves allegedly take information from Three’s upgrade database and use it to issue eight new phones. It is alleged that these phones were then intercepted on their way to a Three customer whose account was used to generate the request.
Although there have been reports that the three were being investigated on suspicion of fraud, Sky News reported that the two older men were in fact arrested on suspicion of offences under the Computer Misuse Act, while the younger man was arrested on suspicion of attempting to pervert the course of justice. All three are understood to have been released on bail.
IT Pro has contacted the NCA for confirmation of Sky News’ report, but hadn’t received a reply at the time of publication.
It also remains unclear at this point how the data came to be compromised, other than an employee login was used, and how many Three customers have been affected – although it has been reported elsewhere that around six million accounts have been accessed, IT Pro understands the number to be significantly lower.
IT Pro contacted Three for clarification of these points, but had not received a response at the time of publication.
This is a developing story, which will be updated as more information becomes available.
17/11/2016: Three mobile network hit by “data breach”
UK mobile network Three has been hit by what is being reported as a major security breach, with customer information including names and phone numbers allegedly accessed illegally.
Three confirmed late on Thursday night that the breach had taken place, with the data, which was stored in a customer upgrade database, accessed via an employee login.
Although The Telegraph, which was first to break the story, has reported that “the private information of two-thirds of the company’s nine million customers could be at risk”, IT Pro understands the number affected is in fact much lower and potentially in the dozens, rather than millions.
IT Pro contacted Three for a statement on the reports and confirmation of how many people have potentially been affected, but had not received a response at the time of publication.
It is also unclear at this point whether or not the company was hit by external hackers and if any data was actually exfiltrated.
The news comes almost a year to the day after another UK mobile network, TalkTalk, was hit by a massive cyber-breach, which affected more than 150,000 customers. Earlier this week, a 17-year-old boy admitted to carrying out the attack.
This is a developing story, which will be updated as more information becomes available.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
