The hackers accessed the customer upgrade database through an employee login, according to The Daily Telegraph.
Sources said the incident has put at risk the data of up to two thirds of the company’s nine million customers.
Three said the hackers accessed data including names, phone numbers, addresses and dates of birth, but no financial information was accessed.
The major security breach comes after a hack on rival TalkTalk, which was fined £400,000 last month for poor website security that led to the theft of the personal data of around 157,000 customers.
The hackers of the Three network have been using the data to access customer accounts to upgrade their contracts and intercept the new phones that were sent out.
The National Crime Agency has arrested three people in relation to the hack, two for computer misuse and one for perverting the course of justice.