Three UK Breached via a Compromised Employee Account

Three has issued a public statement reporting that hackers have breached the company’s system by using a compromised employee login. A thorough investigation is underway. Read on to find out more about the issue.

Three UK Compromised By Hackers

The latest victim of a serious security breach is none other but Three UK. The Telecom operator has suffered a major attack which can potentially expose a large number of sensitive information of their customers. According to various security reports about as many as two-thirds of all clients of the service are affected.

There is still limited information about the incident however various media report that hackers have successfully gained access to the customer upgrade database via an employee login. They have used this to trigger bogus upgrades for premium devices with the aim of intercepting them before they reach the actual customers. The compromised data includes customer names, phone numbers, addresses and dates of birth. Fortunately the data does not contain any financial-related information.

According to the National Crime Agency three men have been arrested in relation to the crime.

Such incidents can be avoided by following good security measures including two-factor authentication.

Three’s public statement reads the following:

Handset Fraud Investigation

We’re aware of an attempted fraud issue regarding upgrade devices and are working with police and relevant authorities on the matter. The objective was to steal high-end smartphones from Three but we’ve already put measures in place to stop the fraudulent activity.

We’d like to reassure customers that their financial details are not at risk. We are investigating how many customers are affected and will be contacting them as soon as possible. We’ll update with further information once we have this.

Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.

We’ve been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and 8 devices have been illegally obtained through the upgrade activity.

The investigation is ongoing and we have taken a number of steps to further strengthen our controls.

In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system. This upgrade system does not include any customer payment, card information or bank account information.

Was this content helpful?

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *