Three UK Data Breach Puts Six Million Customers At Risk
Three men have been arrested in connection with a data breach at telecommunications and internet service provider, Three UK. Three confirmed that the exposed data includes names, phone numbers, addresses and dates of birth, but added that it did not include financial information. The company only discovered the problem after customers complained that they were receiving fraudulent calls with criminals attempting to gain access to their bank account details, with the attackers also accessing customer accounts, upgrading handsets and plans, then intercepting new handsets.
“Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.” Three said in a statetment. “In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three’s upgrade system.”
The National Crime Agency confirmed the arrests in the following statement: “On Wednesday 16 November 2016, officers from the National Crime Agency arrested a 48-year old man from Orpington, Kent and a 39-year old man from Ashton-under-Lyne, Manchester on suspicion of computer misuse offences, and a 35-year old man from Moston, Manchester on suspicion of attempting to pervert the course of justice.”
Three UK Customers At Risk
Three hasn’t confirmed how many customers are at risk but has advised customers to call 333 on a Three mobile phone or 0333 338 1001 from another phone to get more information about the breach and whether their details may have been accessed.
The personal details of millions (some reports say six million) of Three customers in the UK are estimated to have been exposed, and the customers affected are at risk of fraud attempts similar to those which alerted Three UK to the extent of the data breach. Scam callers can use basic personal information to convince customers that they are calling from a legitimate business like a bank or phone company, requesting bank account numbers and other details.
Customers are also at risk of Phishing attacks in which scammers use the details to send fake emails and text messages that look real, to unsuspecting Three customers requesting credit card details and other information. If customers enter their bank account details, or give out the information over the phone they could be at risk of fraud. Opening attachments is not recommended and even clicking on links in these emails can be dangerous as they can point to hijacked domains and a landing page which executes malware on the victims computer. Given its huge popularity with criminals in recent years, this malware might even be Ransomware which hijacks the computer and its contents making them unavailable unless the victim pays the ransom.
A real example of a phishing attack that affected thousands of UK citizens last year appeared to be emails from HM Revenue and Customs saying: “You have a refund of 183.69 GBP and you can claim it by clicking on the link below”.
Exercise Caution
Infosec Partners advises Three UK customers to be on their guard and adhere to security best practices:
- Exercise caution when receiving unsolicited, unexpected, or suspicious emails, texts or phone calls
- Avoid clicking on links in unsolicited, unexpected, or suspicious emails and texts
- Avoid opening attachments in unsolicited, unexpected, or suspicious emails
- Keep security software up-to-date
Do not give out bank details over the phone and if you are concerned about the source of a call or email, contact the company directly. And Three customers may also want to contact their bank so that it can monitor for suspicious behaviour or calls from someone claiming to be them.
Infosec Partners can help
In today’s world, our lives are under attack like never before. The boundaries between our public, work and private lives have never been more blurred and our dependence on electronic communication and internet connectivity means there are many more avenues of attack for criminals who are actively targeting our personal and financial data, safety and reputation.
From significant global organisations to high profile individuals and families, Infosec Partners are trusted to optimise defences and protect against cyber attacks. Whether providing fully managed security services, independently testing your cyber readiness or providing crisis management and responding to incidents, Infosec Partners are proven partners of excellence and full-spectrum security experts that puts your security first.
Contact us today for more information and for your free consultation, by completing the adjacent form or call us to speak with one of our trusted advisors immediately:
+44 (0)1256 893662
