[BreachExchange] Three finds more customers affected by 2016 data breach
Inga Goddijn
inga at riskbasedsecurity.com
Wed Mar 15 20:42:18 EDT 2017
https://www.engadget.com/2017/03/15/three-2016-data-breach/
Details of nearly 210,000 customers are now said to have been compromised.
Three has revealed that a customer data breach it caught wind of last
November <https://www.engadget.com/2016/11/17/three-uk-hack/> was more
extensive than first thought. Using stolen employee logins, ne'er-do-wells
gained access to a database used to manage handset upgrades, comprising
customer details such as names, addresses, dates of birth, mobile numbers
and information about mobile contracts (but no financial data). Initially,
just over 130,000 subscribers were said to be affected, but upon further
investigation, another 76,373 accounts have now been added to that total
<http://www.threemediacentre.co.uk/news/2017/handsetfraud-update.aspx>. No
fraudulent activity has been spotted, but all newly identified customers
have been contacted, Three says.
The Three data breach is particularly interesting in that the provider
became aware something was amiss only after hundreds of high-value handsets
were stolen. Some Three stores were burgled, and eight smartphones were
ordered as upgrades by the wrongdoers, who then attempted to intercept
packages as they made their way to customer addresses. Three suspects have
been arrested, but so far there have been no related convictions. Law
enforcement investigations and a probe by the Information Commissioner's
Office are ongoing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170315/f528e9a6/attachment.html>
More information about the BreachExchange
mailing list