14 DAY TRIAL // The Three Mobile handset fraud disclosed last November is a lot worse than originally thought, as the list of affected customers grew by tens of thousands.
According to the mobile operator, 76,373 new customers were affected by the issue, 57% more than originally estimated last year. The new numbers come as a result of an inside investigation into the matter.
While the investigation continues to unfold, the experts don't believe any more customers will be revealed as having been affected.
"We have continued to work closely with law enforcement to support the ongoing investigation. During the course of the investigation, additional files were recovered as part of the same activity which we have analyzed," reads the company's statement.
No banking data, but plenty of personal info
Back in November 2016, Three Mobile revealed that it had discovered criminal activity on a system used to upgrade customers to new devices. Three said at the time that data of 133,827 people had been accessed due to the issue. In total, the number has passed 200,000.
The data affected includes customer names, addresses, dates of birth and method of payment, data that could very well be used elsewhere. Thankfully, Three says that bank details and passwords were not obtained by criminals, so there's a small silver lining to this cloud. Customers were immediately advised to be cautious about anyone contacting them so they could avoid being subject to additional schemes.
The company said that they found no fraudulent activity taking place specifically on customer accounts, but extra caution should be exercised.
"As always with this type of data breach the focus seems to be on financial information 'not' being obtained, but when you look at names, addresses, dates of birth and methods of payment (the actual data that was stolen) the bank details are the easiest to change! The type of info we either would not or could not change is being sold, traded, stored or accessed online by cybercriminals to build a profile of you the victim, it is then reused much later down the line often to get more information that can be used either for financial gain or identity theft. Spam or nuisance calls are usually met with instant dismissal when the terms or greetings are generic or details vague, but when presented with tangible or recognisable snippets of proof it’s much more likely the end user will be successfully duped into giving away something much more valuable," said Mark James, IT security specialist at ESET.