The mobile operator has confirmed 133,827 customer accounts had their information accessed in the incident. Initial reports feared the hack could have exposed up to six million customer accounts.
Fraudsters were able to obtain information including the customer’s name, address, date of birth, gender, handset type, contract start and end date, telephone number, email address, previous address, marital status and their employment status.
Three said no bank details, passwords, pin numbers, payment information or credit and debit card information was exposed.
Suspicious activity on the system Three uses to upgrade existing customers to new devices was part of a scam by fraudsters to unlawfully upgrade Three customers and intercept and sell on their devices.
Three has identified eight customers who fell victim to the scam.
Dyson said: "We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently.
"I understand that our customers will be concerned about this issue and I would like to apologise for this and any inconvenience this has caused.
"Once we became aware of the suspicious activity, we took immediate steps to block it and add additional layers of security to the system while we investigated the issue. We have been working closely with law enforcement agencies on this matter and three arrests have been made."