At-risk phone customers made safe after data breach investigation

24 Nov 2017 04:26 PM

Two brothers who stole upgrade information from a mobile phone network were found guilty after National Crime Agency (NCA) officers traced the theft to their computers.

Between 18 October and 11 November 2016 Scott Pullen, 41, of Manchester, and John Pullen, 48, of Kent, used automated software to sweep Three’s database and steal data on upgrades.

Scott Pullen, whose job as a data merchant was to find sales leads for phone companies, tried to get ahead of his competitors by illegally accessing Three’s data.

John Pullen made the automated tool which let Scott mine Three’s systems for information.

NCA officers arrested the brothers in November last year and on seeing Scott Pullen’s database contacted several private sector firms to tell them they had also suffered data breaches.

There is no suggestion either Pullen was responsible for the other breaches.

Scott Pullen was ordered to perform 200 hours of community service by Thameside Magistrates Court in August.

John Pullen was sentenced at Croyden Crown Court on 17 November to 4 months in prison, suspended for 12 months, and was ordered to perform 200 hours of community service.

Andrew Shorrock, operations manager at the NCA, said: “Three took the important and still relatively uncommon step of voluntarily and quickly reporting a cyber attack to law enforcement.

“This meant we could find the culprits and alert private sector firms to their data being sold online, allowing the companies to increase security around customer accounts.

“This investigation has added to NCA knowledge of the marketplace for stolen data which will help us to detect and bring to justice those who exploit people in this way.”