“Three are losing customer trust” – Three mobile customers aren’t happy following the data breach

Following on from Three’s data breach, Three’s mobile customers aren’t happy… me included.

Three has had a lot of difficulty in ascertaining the exact amount of customers that were affected by the recent data breach. They’ve confirmed that hundreds of thousands out of their ten million customers could be affected though, so we’re talking big numbers here.

Nature of the breach

Many customers feared their personal information was put at risk when there was suspicious activity on the system in relation to existing customers who were looking for upgrades. The cyber-attackers were able to acquire customer details, although the CEO of Three, David Dyson, has assured customers that no bank details, passwords, pin numbers, payment information, or credit/debit information was stored on the upgrade system.

This doesn’t take away from the fact that customer details were still stolen in a bid to commit further criminal activity by acquiring new handsets fraudulently. The personal information stolen includes names, phone numbers, addresses, and dates of birth.

Customer weren’t immediately informed

Customers who are hearing of the news for the first time are more than bemused by the mobile provider’s action; or should I say, inaction. It’s noted that Three didn’t immediately create a ‘splash message’ to inform customers of the breach, and customers have instead been finding out that their personal information may have been compromised via social media or in the news.

I can’t speak on behalf of everyone, but I suspect that most customers would appreciate it if they were notified by the company without undue delay!

Three has used social media – specifically Twitter – as an initial point of contact. When questioned why, Three said that it’s a method that allows them to contact a large base of their customers quickly. However, there is an undeniable flaw in this method, in that some customers may not be social media users, and as a result, may be left in the dark about the security breach.

Are Three holding back on covering the breach?

Three could be holding back on announcing the breach on their website for various reasons. It could be because they’re playing down the extent of the breach given that we’re being told that no payment information was accessed. Some believe this to be false, as customers had to put in their payment details when applying for an upgrade. With six million Three mobile customers reportedly due for an upgrade, 133,000 seems like a very small number to be affected by the breach. Three could be holding off the announcement because their internal investigations aren’t complete and more customers may be affected than originally anticipated; in theory.

The importance of keeping your customers in the know

By not keeping their customers in the loop well enough, Three are slowly but surely losing their trust; or, even worse, their custom. This is supported in a Thales Survey, where 84 per cent of the British public would consider using a different brand or service in the event of a breach.

With a ten million customer database at risk, Three seem to be treading on very thin ice. This survey should act as a reminder for the huge impact a data breach can have on reputation and brand image, as well as financial penalties.

Sources:

http://www.telegraph.co.uk/technology/2016/11/18/three-mobile-under-fire-for-failing-to-alert-customers-to-data-b/

https://www.vormetric.co.uk/company/newsroom/press-releases/thales-survey-84-of-brits-reconsider-brands-affected-by-data-breaches

http://www.gospelherald.com/articles/68086/20161119/three-mobile-losing-customers-trust-due-recent-data-breach.htm

https://www.theguardian.com/business/2016/nov/18/three-mobile-customer-data-breach-phone-upgrade

ICO fines two employees for a data breach when they used personal data wrongfully

“Adobe’s $1 million fine” – Adobe Systems has been fined for the security breach in 2013