It has happened again, customers of the company Three UK experienced a new data breach.
Some customers logging into their accounts were able to view personal data (names, addresses, phone numbers) and call histories of other users.
The company promptly started an internal investigation and urged those affected to contact the customer service, it also confirmed that no financial data was exposed.
The Guardian confirmed that several customers were affected, it reported the case of several users presented with the data usage and call and text history of others when they logged in on Sunday night.
One customer cited by The Guardian, Mark Thompson, said it was a “shocking breach of data privacy”. He wrote on Three UK’s Facebook page: “Care to explain just how my details have been shared, how many people have had access to my personal information, for how long, and how many of your other customers have had their details leaked by yourselves to other members of the public as well?”
Three UK has 9 million customers in the UK, but according to the company only a small portion of customers has been affected by the issue.
“We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3,” a spokesman said. “No financial details were viewable during this time and we are investigating the matter.”
The Information Commissioner’s Office announced it “will be looking into this potential incident involving Three”.
“Data protection law requires organisations to keep any personal information they hold secure. It’s our job to act on behalf of consumers to see whether that’s happened and take appropriate action if it has not.” said a spokeswoman from the ICO.
It isn’t the first time Three UK makes the headlines, in November 2016 the mobile carrier confirmed a major cyber security breach which exposed personal data of a portion of its customers, roughly 133,000 users.
Authorities arrested three men for this crime.
(Security Affairs – Three Mobile, data breach)