Three UK data breach lets criminals intercept customers' upgrade orders

Three British men have been arrested and bailed as part of a police investigation into a data breach at network operator Three UK, BBC News reports. But far from being your average hack of customer data intended to harvest financial details, the group responsible accessed a database of customers due a phone upgrade, then used this information to "unlawfully intercept" their upgrade orders through store burglaries and other means.

More than 400 handsets stolen over a four-week period.

In a press release issued today, Three said that over the process had been going on over the past four weeks, during which time "400 high value handsets" were stolen through burglaries of stores, while eight phones were "illegally obtained through the upgrade activity."

Three insists customers' financial details were not compromised during the initial data breach, adding that it's taken measures to strengthen its security and prevent similar issues in future. The perpetrators used valid staff logins to access its upgrade systems, Three says.

This method is fairly unsophisticated by the standards of other high-profile data breaches, which target personal details and financial data like credit card and bank account numbers. Instead what's notable in this case is the use of compromised customer info to steal real world goods, which would presumably then be sold on.

Three says it's investigating how many customers may have been affected, and will be contacting them as soon as possible.

Alex Dobie
Executive Editor

Alex was with Android Central for over a decade, producing written and video content for the site, and served as global Executive Editor from 2016 to 2022.