From Three UK

As you may already know, we recently became aware of suspicious activity on the system we use to upgrade existing customers to new devices and I wanted to update all our customers on what happened and what we have done.

I understand that our customers will be concerned about this issue and I would like to apologise for this and any inconvenience this has caused.

Once we became aware of the suspicious activity, we took immediate steps to block it and add additional layers of security to the system while we investigated the issue.

On 17th November we were able to confirm that 8 customers had been unlawfully upgraded to a new device by fraudsters who intended to intercept and sell on those devices.

I can now confirm that the people carrying out this activity were also able to obtain some customer information. In total, information from 133,827 customer accounts was obtained but no bank details, passwords, pin numbers, payment information or credit/debit card information are stored on the upgrade system in question.

We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently.

We are contacting all of these customers today to individually confirm what information has been accessed and directly answer any questions they have.

As an additional precaution we have put in place increased security for all these customer accounts.
We have been working closely with law enforcement agencies on this matter and three arrests have been made.

I understand that this will have caused some concern and inconvenience for our customers and for that I sincerely apologise.

David Dyson
CEO

Source – Three UK