On or above 133,000 customer accounts were breached by fraudsters in an attempt to upgrade and steal phones to sell them on, Three has said.
The UK mobile phone network provider said no financial information such as bank account details were accessed.
However, contract and billing data as well as details like job and marital status may have been obtained.
Eight customers have been unlawfully upgraded to a new device and in total, 133,827 accounts were breached.
Dave Dyson, chief executive of Three, which has nine million customers, said: "We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently."
In a statement, Mr Dyson apologised and said that the company was contacting all customers concerned.
He said: "Once we became aware of the suspicious activity, we took immediate steps to block it and add additional layers of security to the system while we investigated the issue."
This week, the National Crime Agency confirmed that three people had been arrested in connection with the data breach, including two men from Manchester and one man from Kent. All three have been released on bail pending further enquiries.
0 comments: