Mobile telecommunications provider, Three UK, are once more at the centre of a data breach scandal. On the 29th October 2019, customers of the Three mobile network reported an issue with the Three website that gave casual browsers (many of whom had not used the Three website before) to gain access to personal data, including billing information and phone records. Customers voiced their worries publicly on Twitter, which alerted data security journalists at The Register who reported on the blunder.
So far little is known about how many individuals were affected by the breach. Three UK has once stated that they have approximately 10 million customers, meaning that the scope of people affected could be considerable. When pressed for a comment by journalists a spokesperson from Three simply stated that ‘fewer than 10 customers have reported being able to view another customer’s account information’ and that they were further investigating the matter.
Three UK are bound by Regulation 5a pf the Privacy and Electronic Communications Regulations to explain exactly how many people were affected and what they are doing to respond to the issue at hand. The same regulation requires Three UK to inform those users who have been affected by the breach ‘without undue delay’, which, at the time of writing, has not yet happened.
After being informed of the issue the ICO had this to say on the matter:
“We are aware of an incident concerning 3 Mobile and will be assessing the information provided.”
If you’ve been affected by this data breach or a similar one then we may be able to help you claim compensation – get in touch by starting a chat in the bottom right corner, calling us directly on 0151 242 9035 ,or sending us a message using the contact form below.