Three people were arrested in the UK last week in connection with a major data breach at one of Britain’s largest mobile phone operators.
In a statement, Three Mobile said hackers had used employee login details to access personal information belonging to a number of its customers who were eligible for a handset upgrade. The firm said details including customer names and addresses had been exposed, allowing those behind the breach to intercept handset upgrades.
It is thought the hackers were able to order eight smartphone upgrades and intercept them.
Officers from the National Crime Agency (NCA), often referred to as Britain’s FBI, detained two men in Manchester and one in Kent on suspicion of being involved in the scam. All three were released on bail pending further enquires, the NCA said.
A spokesman for the company said: “Over the last four weeks Three has seen an increasing level of attempted handset fraud.
“This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.
“We’ve been working closely with the police and relevant authorities.
“To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity.”
The breach is the latest in a long line of hacks which suggest many big UK firms are not doing all they should to protect the personal information of their customers. Only weeks ago, dark web hackers were able to steal some £2.5 million from the accounts of as many 20,000 Tesco Bank customers. That breach came almost a year after security failings at broadband provider TalkTalk allowed cyber criminals to steal the details of 157,000 of its users.
This resulted in the firm being slapped with a record £400,000 fine after the Information Commissioner’s Office (ICO) ruled it had failed to take even basic steps to protect customers’ details. “Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations,” Information Commissioner Elizabeth Denham said.
Cases such as these have raised worries among campaigners over the Investigatory Powers Act, which was last week passed by the House of Lords and is awaiting Royal Assent. The bill allows the government to retain the internet browsing history of every UK household as part of its efforts to combat terrorism and organised crime. Among other concerns, critics point out that this will mean the whole of the UK population’s online history will be stored on a server somewhere which, as evidence proves, could well end up being hacked and made public.