UK mobile company Three has fallen victim to a major data breach, with up to six million customers reported to have been affected.

Data that has been accessed includes names, phone numbers, addresses and birth dates.

Three said that fraudsters were able to retrieve the information by logging into a database listing the names of customers who were entitled for a phone upgrade.

Three men have subsequently been arrested by the National Crime Agency (NCA), in connection with the data breach.

According to the BBC, Three is now investigating exactly how many of its nine million customer accounts were accessed.

A spokesman for Three said: “Over the last four weeks, Three has seen an increasing level of attempted handset fraud.

“This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.

“To date, we have confirmed approximately 400 high-value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity”.

The UK mobile operator is the latest company to fall victim to a cyberattack. Last year, TalkTalk saw over 150,000 of its customers have their personal details compromised.

Recently, a 17-year old boy admitted to being behind the TalkTalk cyberattack, describing it at the time as “a passion”.

The teenager pleaded guilty to seven offences, admitting to Norwich Youth Court in the UK that he “didn’t think of the consequences” behind the attack.

TalkTalk, for its part, was fined a record £400,000 for not having in place adequate cybersecurity measures.