Three are experiencing more technical issues and more backlash as customers are reporting another data breach.
Customers are reportedly left fuming as they discovered the data breach after they logged into their accounts to find names, addresses, phone numbers, and call histories of other customers rather than themselves. Three previously came under fire for failing to alert customers of the initial data breach which happened in November 2016; which sounds a little like déjà vu…
Customer accounts
Andy Fidler and Mark Thompson are just one of the few customers who are reportedly upset by the breach. Mr Fidler said that he signed into his online account to find data usage, call, and text history of another customer. Mr Fidler confirmed that he had access to a stranger’s bill, detailing their name, address, how much they were paying, and the phone numbers they rung and texted.
This kind of data can be valuable for fraudsters.
Mr Thompson was notified of this breach when he was called by a fellow customer who said that his details were shown on her account. He said it was a “shocking breach of data privacy”. Mr Thompson wasn’t one to shy away from making Three accountable for its actions when he wrote on Three UK’S Facebook page, saying:
“…care to explain just how my details have been shared, how many people have had access to my personal information, for how long, and how many of your other customers have had their details leaked by yourselves to other members of the public as well?”
Investigations
Three’s spokesman said they were investigating the matter:
“…we are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3.”
They confirmed that no financial details were apparently viewable.
Responses
Three said it was investigating the technical issue and notified customers to come forward and contact its customer service department.
Following Mr Fidler’s call to the Three’s customer service department, the advice given didn’t seem to give a clear indication of what to do, as he was originally told to delete the bill, but then was given a call back with the instructions: “not to touch my account for a couple of days until they have looked into it”.
The Information Commissioner’s Office (ICO) has been enlisted to look into the incident. The ICO has a general duty to investigate complaints from members of the public who believe that an authority/business has failed comply with the law and to ensure that companies hold personal information securely.
Three’s 2016 data breach
In November 2016, 3 men were arrested for the hacking of 133,000 customer accounts. It’s reported that cyber-hackers used an employee’s login details to “unlawfully access” the customer database who were eligible for a phone upgrade.