Upgrade Fraud.

Investigation: Update


In November 2016 we became aware of criminal activity on the system we use to upgrade customers to new devices.

The primary purpose of this activity was to order and sell on new handsets fraudulently. As soon as we identified this issue, we began working with law enforcement, and three arrests were made at the time.

We also contacted affected customers, took immediate steps to block this activity, and added additional layers of security to the upgrade system and, as a precaution, additional security on all customer accounts.

We have continued to work closely with law enforcement to support the ongoing investigation into this issue.

During the course of the investigation, additional files were recovered. We have analysed these files and identified that information from a number of other customer accounts was obtained as part of the same activity.

We can re-confirm that no financial information, bank details, passwords or PIN numbers were viewed or obtained, as they are not stored on the upgrade system.

We have written to these affected customers to tell them what information was obtained and apologise for the inconvenience and concern this may cause.

If you are concerned about the impact this may have on you, there are a number of steps you can take.

We would recommend you monitor all your accounts for any suspicious activity. You should be wary of people calling and asking for any personal information or banking details, even if they say they are from a company you regularly deal with, and you should regularly change any passwords you have.

Is this related to the activity discovered in November 2016?

Yes. During the course of the investigation into that activity, law enforcement recovered additional files as part of the same activity, which we have analysed. No fraudulent activity has been identified against the customers we have contacted.

When did you discover additional information had been obtained?

We contacted affected customers once we identified them from the additional files recovered by law enforcement.

When will I know if I am impacted?

We have contacted the additional customers affected by this issue by text message and by letter. We have put in place enhanced controls to protect your mobile account and assure you that Three takes the security of your data very seriously.

If I am one of those whose details were compromised, how can I make myself more secure?

The primary purpose of this was not to steal customer information but was criminal activity to order and sell on new handsets fraudulently.

However, we ask customers to be cautious about anyone contacting them. If it is a call from Three and you are in any doubt that it is genuine, end the call and call us back on 333 from your Three mobile. We advise caution when dealing with other service providers you may use.

We have contacted those customers who have been affected by this incident. We would recommend that, if you haven’t created passwords or an account PIN (personal identification number) on your Three account, you do so as a precaution. You may wish to change any existing PINs or passwords on your account to further safeguard your details.

Are you working with law enforcement on this matter?

Yes. We have been working with external law enforcement agencies, specifically the NCA and the NCSC. Both organisations provide advice to consumers on how to keep your data safe and protect yourself from fraud. Details of these organisations and what they do can be found at www.ncsc.gov.uk and www.nationalcrimeagency.gov.uk.

Three is very grateful for the support these organisations have provided during this investigation.

Should customers cancel their credit/debit cards?

We would reassure customers that no financial or card information has been accessed.

If you are concerned about the impact this may have on you, there are a number of steps you can take. We would recommend you monitor all your accounts for any suspicious activity. You should be wary of people calling and asking for any personal information or banking details, even if they say they are from a company you regularly deal with, and you should regularly change any passwords you have.