News
CEO says attackers were trying to fraudulently acquire handsets, not steal user data.
3UK CEO Dave Dyson late last week confirmed the exact number of customers affected by the operator’s recent data breach is 133,827.
The company last week revealed that fraudsters used authorised logins to access its handset upgrade system for the purpose of stealing high-end smartphones.
In the attack, eight customers were unlawfully upgraded to a new device, which the criminals intended to intercept and sell on.
"Once we became aware of the suspicious activity, we took immediate steps to block it and add additional layers of security to the system while we investigated the issue," Dyson said, adding that "information from 133,827 customer accounts was obtained" during the attack.
However, "no bank details, passwords, PIN numbers, payment information or credit/debit card information are stored on the upgrade system in question," he insisted. "We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently."
According to the National Crime Agency (NCA), three arrests have already been made in connection with the cyberattack.
"I understand that our customers will be concerned about this issue and I would like to apologise for this and any inconvenience this has caused," Dyson said.
