Three upgrades hack: Are you at risk?
Report claims two-thirds of customer data was available to hackers

Yet another cyber-attack has hit the headlines, this time relating to the mobile network Three. So what exactly happened and, if you are a Three customer, are you at risk?
How was Three hacked?
It's not absolutely clear that the network was "hacked", as such. A company spokesman has confirmed that "the perpetrators used authorised logins" to Three's customer databases.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
This means, says the Daily Telegraph, that "an employee login" was used. It is not known whether, and if so how, these access details were stolen.
Did criminals get access to customer data?
Yes – the Telegraph reckons the "private information of two-thirds of the company's nine million customers could be at risk".
Three insists, though, that no financial information is stored in the databases that were accessed, which track when subscribers are due handset upgrades.
The personal data at risk includes "names, phone numbers, addresses and dates of birth".
So what was the point of it?
It was a handset scam. Sky News says "hackers used the information to arrange for eight customer upgrades before intercepting them".
Affected customers are unlikely to lose their right to upgrade, so this amounts to stealing handsets from the mobile network.
Three said the attack was consistent with "increasing levels of attempted handset fraud" in the past month or so, including more "burglaries of retail stores".
I'm a Three customer, am I at risk?
Based on what we know so far, not directly – but watch out for so-called "phishing" scams.
This refers to the practice of fraudsters calling customers and using personal information to convince the victims the call relates to their account in order to trick them into giving up financial information.
Three only "discovered the scale of the problem" on this occasion after customers complained that "scam callers were attempting to gain access to their bank accounts", says the Telegraph.
Stolen personal information also gives rise to risks of identity theft.
Is there a criminal investigation?
Yes – and it has already resulted in arrests.
The National Crime Agency arrested a 48-year-old from Orpington, Kent, and a 39-year old from Ashton-under-Lyne, Manchester, on suspicion of computer misuse offences.
A 35-year old from Moston, Manchester, has also been arrested on suspicion of attempting to pervert the course of justice.
How unique is this?
Not unique at all. TalkTalk was recently fined £400,000 after its own data breach last year, which led to a 17 year-old boy pleading guilty to seven counts of breaching the Computer Misuse Act 1990 at Norwich Crown Court earlier this week.
Vodafone has also been subject to a cyber-attack. A Tesco Bank hack this month led to £2.5m being stolen from customer accounts.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
What should you be stockpiling for 'World War Three'?
In the Spotlight Britons advised to prepare after the EU tells its citizens to have an emergency kit just in case
By Elizabeth Carr-Ellis, The Week UK Published
-
Carnivore diet: why people are eating only meat
The Explainer 'Meatfluencers' are taking social media by storm but experts warn meat-only diets have health consequences
By Elizabeth Carr-Ellis, The Week UK Published
-
Scientists want to fight malaria by poisoning mosquitoes with human blood
Under the radar Drugging the bugs
By Devika Rao, The Week US Published