UK MOBILE OPERATOR Three has confirmed that 133,827 were affected by the hack on its systems last week, way lower than the original six million figure reported.
Three first confirmed news of the breach on Thursday, revealing that hackers used an employee log-in to gain entry into its database of customers eligible for a phone upgrade.
Since, the company has revealed that 133,827 customers were affected by the attack. 107,102 of these customers saw details pilfered including contract start and end date, Three account number and billing date.
The remaining further 26,725 customers weren't quite so lucky, with hackers accessing data including address, data of birth, email address and telephone number.
Three has been keen to reiterate, however, that no payment information was accessed in the breach.
Dave Dyson, Three CEO, commented: "I understand that our customers will be concerned about this issue and I would like to apologise for this and any inconvenience this has caused.
"Once we became aware of the suspicious activity, we took immediate steps to block it and add additional layers of security to the system while we investigated the issue.
"On 17th November we were able to confirm that 8 customers had been unlawfully upgraded to a new device by fraudsters who intended to intercept and sell on those devices.
"We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently.
"We have been working closely with law enforcement agencies on this matter and three arrests have been made."
The National Crime Agency (NCA) is investigating the breach and said last week that three people have been arrested.
A spokesman for the NCA said: "On Wednesday 16 November 2016, officers from the NCA arrested a 48-year-old man from Orpington, Kent and a 39-year-old man from Ashton-under-Lyne, Manchester on suspicion of computer misuse offences, and a 35-year-old man from Moston, Manchester on suspicion of attempting to pervert the course of justice.
"All three have since been released on bail pending further enquiries. As investigations are ongoing, no further information will be provided at this time."
The hack follows a breach at TalkTalk in October 2015, when hackers stole the details of more than 150,000 customers, including those for the bank accounts of around 15,000 people.
The firm was fined £400,000 last month by Britain's data protection regulator for security failings it said had allowed customers' data to be accessed "with ease". µ
Under pressure, pushing down on me, pushing down on my screen
Keep an eye on that neighbour who's been talking about making a killer drone...
WiFi, why Delilah
We've only been waiting two years