Story : http://www.ispreview.co.uk/index.php/2017/03/three-uk-revise-2016-data-breach-re
Mobile operator Three UK has revealed that 76,373 more customers than initially reported were affected by last year’s data breach of their database (i.e. users eligible for a phone upgrade), which means that a total of 210,000 users had their personal data compromised (up from 133,827).
The original breach saw several hackers or fraudsters use “authorised logins” (stolen from employees) to access Three UK’s internal customer database, which contained the names, phone numbers, addresses, dates of birth and some emails for 6 million of the operators’ 9 million customers in the United Kingdom. Mercifully the database did not contain any financial data, pin numbers or account passwords.
After this the fraudsters used the data to order and sell on new handsets fraudulently, which was achieved by the criminals either impersonating support agents and or placing orders for the upgraded phones and then intercepting the parcels as they arrive (related phones were then resold). At the time Three UK confirmed that three people had been arrested in connection with the crime and all have since been released on bail.
This week the operator has revealed that “additional files were recovered” during the investigation, which have now been analysed and as a result they’ve felt it necessary to contact a further 76,373 customers in order to advise them of the situation.