Mobile network provider Three has come under pressure after it was revealed that more than 130,000 customers had their account details stolen by cyber-criminals, who then used the information to fraudulently purchase high-value smartphone handsets in their victims’ names.
The company, which has nine million customers in the UK, admitted that fraudsters had accessed its database using a stolen employee log-in before harvesting personal customer data. Since the leak at the end of November, the National Crime Agency (NCA) has undertaken an investigation which has resulted in three arrests; however, many critics are now asking how such a large organisation failed to do more to prevent a widespread breach.
The attack on Three comes a year after Internet Service Provider (ISP) TalkTalk, also fell victim to catastrophic cyber-breach. In October 2015, 157,000 customers had personal data—including bank account numbers and sort codes—stolen after cyber-criminals were able to gain access to the organisations systems. As a result, the company lost an estimated £60 million and was fined £400,000 by the Information Commissioner’s Office (ICO) for its security failings.
As the investigation into the latest large-scale cyber-attack goes on, it remains unclear how severe the ramifications for the mobile network provider will be. However, what is clear is that more needs to be done to monitor cyber-attacks and raise the alarm before customers find themselves at risk and out of pocket.
Andy Gent, CEO and Founder of Revector—a company that specialises in providing mobile anti-fraud and revenue protection services—said: “Unfortunately, sophisticated large-scale cyber-attacks are becoming increasingly common, which is having an extremely detrimental effect on consumers. The telecommunications industry needs to revert to a zero trust approach, whereby it operates on the basis that every user’s data has the potential to be compromised. Only by tackling flaws in cyber-security head on and investing in the latest technologies can we begin to see progress.”
Revector is developing its own unique suite of cyber-protection services for businesses, to prevent critical information being stolen and to keep vital networks secure and free from fraudulent activity. More details on this will be announced soon!
Editorial credit: Willy Barton / Shutterstock.com