Mobile network Three has become the latest high-profile victim of a major cyber-security attack.
The breach could put the private information of two-thirds of the company’s 9m customers at risk, the Daily Telegraph reported.
Three men have reportedly been arrested in connection with the data breach.
The company, part of CK Hutchison Holdings, has circulated a statement saying:
Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices. We've been working closely with the police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity.
In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three's upgrade system. This upgrade system does not include any customer payment, card information or bank account information.
Last month, TalkTalk was fined a record £400,000 by the Information Commissioner's Office for failing to prevent a high-profile cyber attack last year.