The company, which has millions of UK subscribers, say that said no financial information such as bank account details were accessed in the data breach, which affected more than 130,000 customers.
The National Crime Agency are currently investigating the attack and three people have been arrested.
Three have reassured customers that their details are not at risk. If you're a customer with Three:
Change your password for your online accounts. Make sure it’s unique and strong. For advice on creating a password visit GetSafeOnline: https://www.getsafeonline.org/protecting-yourself/passwords/
Contact your bank/credit card company so that they can monitor for suspicious activity on your account.
Monitor your account for any suspicious or unexpected activity.
Watch out for signs of identity crime. Use Experian, Equifax or Noddle to check your credit rating to make sure no one has applied for credit in your name.
If you think you have fallen victim to fraud, report it to Action Fraud (http://www.actionfraud.police.uk/report_fraud) and get a police crime reference number.
Beware of fraudsters that claim to help
Fraudsters often try to take advantage of a publicised large-scale cyber attack by sending emails or making calls that claim to be from the affected company to help protect you from the hackers.
Look out for targeted phishing emails. If you receive an email that claims to be from Three, never reply with your full password, login details or account details. Don’t click on any links as you could end up downloading a virus.
Be wary of anyone calling asking for personal information, bank details or passwords. If in doubt, just hang up.
If you receive a call or email from Three, treat it with caution. Do not respond with personal information, particularly passwords or banking details.