UK mobile operator Three has said an ongoing investigation into last year’s handset fraud attempt has revealed more customers were affected.
Details of a further 76,373 customers have been found to have been compromised, Three said, but no fraudulent activity has been identified.
It said the information the criminals had accessed included names, addresses, dates of birth, contract start and end dates, how customers had paid for bills and mobile numbers.
Three said no financial information, bank details, passwords or pin numbers were viewed or obtained.
It reiterated that accessing customer data was not the primary aim of the fraud attempt, which was focused on ordering and selling on new handsets illegally.
Three said it had contacted the customers affected.
Last November, the operator revealed that the details of 133,827 customers were at risk after criminals accessed the system it uses to upgrade customers to new devices.
Three arrests have been made.
The operator said it had added additional layers of security to the upgrade system and to all customer accounts.
“We ask customers to be cautious about anyone contacting them,” Three said in a statement.
The UK’s Information Commissioner’s Office (ICO) is investigating the episode.
Last year, the ICO fined TalkTalk £400,000 for security failings related to a cyber attack in 2015.