According to UK media reports, Three Mobile was hijacked by hackers who, according to the National Crime Agency (NCA), gained access to a database containing account data from six million customers.
Posts do not report stolen payment information such as card numbers but hackers have access to customer names, addresses, phone numbers, and birthdates.
It is believed that the hackers who used the database to discover the customers who were entitled to upgrade the device with a subsidy. Then the items were changed in orders for new phones to go to their own addresses, earning enough money from their resale.
Three Mobile has seen an increase in phone theft devices from upgrades lately, of which at least eight cases (device upgrades) were stolen when shipped to the recipient. Increases were also noticed in thefts made at retail outlets.
The National Crime Agency (NCA) arrested two men, one from Kent's Orpington, and one from Ashton-under-Lyne, Manchester, with three Mobile computer frauds. He also took a third party to block investigations.
Such scams are not unknown. In 2014, employees of a company that worked with AT&T were found to have stolen account information to unlock and resell stolen phones.
Earlier this year, another mobile operator in the United Kingdom, TalkTalk lost more than 60 million pounds as a result of a violation of 2015 and exposed account data from 156.000 customers.