Three suffered a minor data breach yesterday with several customer’s information accidentally shared with other customers. This included names, addresses, phone numbers and call histories through My3 – the operator’s billing control platform for users.
The issue is believed to be a technical issue rather than a result of malicious activity as with Three’s previous data breach. In November last year 133,000 Three customers had their data breached through fraudsters using authorised log-ins to access a list of users due an upgrade. Three people were arrested almost immediately after the fraud incident was discovered.
One customer, Andy Fidley told The Guardian that the My3 app stopped working over the weekend and when he accessed it from a computer, it allowed him to download another user’s bill.
A spokesperson from the operator responded to the issue stating, ‘We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3. No financial details were viewable during this time and we are investigating the matter.’
The Information Commissioner’s Office said it will be‘looking into this potential incident involving Three’, the data regulator is capable of dishing out fines of up to half a million pounds in response to data breaches, though this is incredibly unlikely to be a levied against such a small scale breach as this. The record fine handed out by the ICO currently stands at £400,000 to TalkTalk for the cyber attack which saw 157,000 customers affected.