Mobile phone operator Three has revealed it refused to pay a ransom to hackers that targeted its Danish arm.
Personal details of around 3,600 Danish customers were stolen by cyber criminals, the company said. But it refused to pay them "millions" not to publish the data, instead handing details of the data breach over to police.
Names, addresses and social security numbers alongside phone and email details were stolen by the hackers, the company said, but added bank details were not included in the information accessed.
"After dialogue with the police, our assessment is that the blackmail threat is real and that the perpetrators actually are in possession of the data," Three said in a statement.
The operator's UK arm was subject to a cyber attack last November with data from as many as two-thirds of the firm's 9m UK customers believed to have been accessed.
After investigating the matter, Three subsequently clarified information from133,827 accounts had been obtained. The firm also confirmed that while today's hack in Denmark accessed similar information, it was unrelated to the UK breach.
Nevertheless, Three was still working to find out exactly what had happened. The company said:
We currently do not how or criminals came into possession of the information.
Customers will not be allowed to leave their contracts in the wake of the data breach and neither will they receive any compensation, the company said.