In November 2016 we became aware of criminal activity on the system we use to upgrade customers to new devices.

The primary purpose of this activity was to order and sell on new handsets fraudulently. As soon as we identified this issue we immediately began working with law enforcement and three arrests were made at the time.

We also contacted 133,827 affected customers and took immediate steps to block this activity and added additional layers of security on the upgrade system and, as a precaution, additional security on all customer accounts.

We have continued to work closely with law enforcement to support the ongoing investigation. During the course of the investigation, additional files were recovered as part of the same activity which we have analysed.

We have contacted a further 76,373 customers to advise them of the new information and apologise for the inconvenience and concern this may cause. No fraudulent activity has been identified against the customers we have contacted today.

We can re-confirm that no financial information, bank details, passwords or pin numbers were viewed or obtained as they are not stored on the upgrade system.

Is this related to the activity discovered in November 2016?

Yes. During the course of the investigation into that activity law enforcement recovered additional files as part of the same activity which we have analysed. No fraudulent activity has been identified against the customers we have contacted.

Why are you announcing this now?

Since November we have been working closely with law enforcement to investigate this issue. During the course of this investigation additional files were recovered. Once we were able to identify affected customers we contacted them.

Could more records have been obtained?

We don’t believe that any additional records were obtained and we continue to work with law enforcement on their ongoing investigations.

What information was obtained?

Information obtained included: Name, address, date of birth, handset type, contract start and end date, upgrade eligibility date, whether they pay by card, cash or direct debit, tariff, billing date and mobile number. No financial information, bank details, passwords or pin numbers were viewed or obtained as they are not stored on the upgrade system.

We have contacted affected customers.

What action should customers take at this point?

We have contacted affected customers to support them. We ask customers to be cautious about anyone contacting them. If it is a call from Three and you are in any doubt that it is genuine, end the call and call us back on 333 from your Three mobile. We advise caution when dealing with other service providers you may use.

As always, customers should never give out any banking information. If affected customers are concerned, we are also making enhanced Noddle credit check services available at no cost. Further information can be found at www.three.co.uk/fraud

How will a customer know if they have been affected?

We have contacted the additional customers affected by this issue by text message and by letter.

Are you working with law enforcement on this matter?

Yes. We have been working with external law enforcement agencies, specifically the NCA and the NCSC. Both organisations provide advice to consumers on how to keep your data safe and protect yourself from fraud. Details of these organisations and what they do can be found at www.ncsc.gov.uk and www.nationalcrimeagency.gov.uk

Three is very grateful for the support these organisations have provided during this investigation.