Last Wednesday, the National Crime Agency (NCA) announced that they have in custody two men suspected of breaching through Three Mobile's login database. Three Mobile is UK's fastest growing mobile network with over 10 million users as of the second quarter of 2016.
It was found out that the two men are from Orpington, Kent, and Ashton-under-Lyne Greater Manchester. A third suspect, also from Greater Manchester, is still in the run.
Suspicions were raised at Three Mobile when the company found out that their servers were being intercepted. Names, addresses and passwords of their customers were being unlawfully accessed by the minute. The company immediately sought for the police authorities' help.
With Three Mobile's over 10 million subscribers, it is still unknown as to how many accounts were compromised. But the company was quick to reassure everyone that no card, bank or payment details were accessed.
According to the company's spokesman, the breach was targeted at accounts with handsets due for upgrades. "This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices." He also added that "approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity."
Three Mobile is now in touch with the eight fraud victims. It has also furthered its online security controls and has continued with their protocol of separating card details from login and upgrade details. The company is also working closely with authorities in building the case against the hackers.
However, with all these measures taken, Three Mobile customers are not happy. One customer from Skyhigh Networks wrote, "The website has no splash message to inform customers... When a hack takes place consumers expect to be told by the company instead of finding out via the morning news that their personal data may have been compromised."
Some believe reports are being downplayed, since customers had to punch in their payment details when they applied for an upgrade. Customers said they also had to provide personal details such as date of birth, gender, marital and employment status, email and phone numbers.
It is said that 6 million Three Mobile subscribers are due for an upgrade.
Three Mobile Chief Executive Dave Dyson releases a statement that the company is in the process of contacting affected customers this coming week. He adds, "I would like to apologize for this and any inconvenience this has caused."
