The UK's data watchdog is probing an incident with telecommunications provider Three, which is facing criticism from customers who claim to have been presented with the personal information of complete strangers after logging into their accounts.
"We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3," a spokesperson confirmed. "No financial details were viewable during this time and we are investigating the matter."
On the firm's official Facebook page, a number of customers raised concerns about the issue.
Mark Thompson, one frustrated commenter, complained after he received a call from a female stranger who accessed his details after logging into her account.
He wrote: "Care to explain just how my details have been shared, how many people have had access to my personal information, for how long, and how many of your other customers have had their details leaked by yourselves to other members of the public as well?"
Thompson called the incident a "shocking breach of data privacy."
Another man, writing under the name Dazz Burns, wrote on the firm's social media page: "Why do I have someone else's details when I log onto my3?"
Speaking to The Guardian, another customer called Andy Fidler said he was able to see another person's details when he logged in on 19 March (Sunday). He claimed this included text histories and data statistics. He accessed their phone bill which also exposed names, addresses and more.
Fidler said bank details were not available but that he was still concerned. "Who on earth has got my bill?" he questioned. The Information Commissioner's Office (ICO), which has the legal powers to fine companies for data misuse, said it is now looking into the potential incident.
A spokesperson elaborated: "Data protection law requires organisations to keep any personal information they hold secure. It's our job to act on behalf of consumers to see whether that's happened and take appropriate action if it has not."
It's not the first time this year that Three has been in hot water over the exposure of customer data. Earlier this month, the firm admitted a November 2016 breach of its computer systems was broader in scope than previously believed, with over 200,000 people impacted in total.
The UK National Crime Agency (NCA) arrested three suspects in relation to a scheme which centred on hacking into its systems used to upgrade customers to new devices. The criminals would use this information to intercept packages in transit then sell off the handsets for profit.
"We ask customers to be cautious about anyone contacting them. If it is a call from Three and you are in any doubt that it is genuine, end the call and call us back on 333 from your Three mobile. We advise caution when dealing with other service providers," Three UK said.
IBTimes UK contacted Three UK for more information however recieved no reply at the time of publication.