The UK-based mobile phone company and internet service provider Three experienced a data breach this week—just months after data from more than 100,000 users was accessed by fraudsters.
After logging into their accounts online, Three customers were able to see the names, addresses, phone numbers and call histories of other users. Three responded by saying the breach was a “technical issue with its systems”, and asked affected users to get in touch.
However, this will come as little consolation to Three’s 9 million UK users, who will no doubt worry that their personal information may have been visible to total strangers.
Three appeared to attempt to downplay the seriousness of the breach, with a spokesman stating:
We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3. No financial details were viewable during this time and we are investigating the matter.
Whether or not financial details were leaked, this latest data breach isn’t good news for Three’s reputation, coming just months after the names and addresses of thousands of the company’s customers were retrieved by fraudsters. Using authorized logins to one of Three’s customer databases, the three men were able to access the information of 133,000 users.
Its understandable, given their terrible recent privacy history, that Three would seek to downplay this latest issue—but their lack of long-term commitment to protecting their users’ data is a serious matter.