Three also said that over the last four weeks Three has seen an increasing level of attempted handset fraud. Photograph:( Others )
Three, one of Britain's biggest mobile phone companies, said on Thursday hackers had accessed its customer upgrade database after using employee logins.
The cyber security breach could put the private information of two-thirds of Three's 9 million customers at risk, the Telegraph said, citing sources familiar with the incident.
"This upgrade system does not include any customer payment, card information or bank account information," Three spokesman Nicholas Carter told Reuters in an email.
The company, part of CK Hutchison Holdings Ltd, said that over the last four weeks Three has seen an increasing level of attempted handset fraud.
"To date, we have confirmed approximately 400 high-value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity," Carter said.
"This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices."
Britain's data protection regulator fined broadband provider TalkTalk Telecom Group Plc 400,000 pounds ($496,200) in October for security failings that enabled a cyber attack last year which affected around 4 percent of the company's 4 million customers and cost it around 60 million pounds.