UK Three mobile customers experienced a new data breach, this time a technical issue caused the exposure of their personal details.
It has happened again, customers of the company Three UK experienced a new data breach.
Some customers logging into their accounts were able to view personal data (names, addresses, phone numbers) and call histories of other users.
The company promptly started an internal investigation and urged those affected to contact the customer service, it also confirmed that no financial data was exposed.
The Guardian confirmed that several customers were affected, it reported the case of several users presented with the data usage and call and text history of others when they logged in on Sunday night.
One customer cited by The Guardian, Mark Thompson, said it was a “shocking breach of data privacy”. Hewroteon Three UK’s Facebook page: “Care to explain just how my details have been shared, how many people have had access to my personal information, for how long, and how many of your other customers have had their details leaked by yourselves to other members of the public as well?”
Three UK has 9 million customers in the UK, but according to the company only a small portion of customers has been affected by the issue.
“We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3,” a spokesman said. “No financial details were viewable during this time and we are investigating the matter.”
The Information Commissioner’s Office announced it “will be looking into this potential incident involving Three”.
“Data protection law requires organisations to keep any personal information they hold secure. It’s our job to act on behalf of consumers to see whether that’s happened and take appropriate action if it has not.” said a spokeswoman from the ICO.
It isn’t the first time Three UK makes the headlines, in November 2016 the mobile carrier confirmed a major cyber security breach which exposed personal data of a portion of its customers, roughly 133,000 users.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.