Almost 134,000 Customers’ Info Breached in Phone Scam

Three, one of the U.K.’s largest mobile services providers, confirmed that almost 134,000 customers’ information was compromised in a scheme to steal phones, according to reports.

“We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently,” Three CEO Dave Dyson said in a statement.

Bad actors accessed the company’s phone upgrade system, which doesn’t contain financial information like bank accounts or passwords, according to the Guardian. Three said eight customers had been “unlawfully upgraded” to new phones.

For most customers, the compromised information could include name, billing date, which phone they use, and contract start and end dates, but for almost 27,000 customers, more information could have been accessed, ZDNet reports. Those additional personal details could include address, date of birth, email address, previous address, marital status and employment status.

The National Crime Agency arrested three men as part of the investigation.