TalkTalk launched an investigation after a hacker claimed to have stolen the personal information of millions of customers.
U.K. telecom company TalkTalk is investigating a potential data breach after an individual claiming to be a hacker posted on a popular cybercrime forum that they had stolen the personal data of millions of current and former customers. The claim was made by a user going by the alias “b0nd.”
The hacker alleged they had accessed personal details, including customer names, email addresses, IP addresses, phone numbers, and subscriber PINs, and were selling this data. TalkTalk strongly refuted the hacker’s claim that more than 18.8 million records were accessed.
TalkTalk disputes hacker’s claims
In a statement, TalkTalk spokesperson Liz Holloway said the company is taking the matter seriously but added that the figure of 18.8 million records is “wholly inaccurate and very significantly overstated.” Holloway noted that TalkTalk currently serves approximately 2.4 million customers, far fewer than the claimed number.
“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party suppliers’ systems,” Holloway explained. She added that the company’s Security Incident Response team has been working with the supplier to contain the situation and investigate the breach.
While Holloway did not name the supplier involved, screenshots shared by the hacker suggest the breach may have originated from CSG’s Ascendon platform. TalkTalk uses this platform for subscription management and stores data for a subset of its customers.
No financial information compromised
TalkTalk reassured customers that no billing or financial details were stored on the affected system. “The personal details of a small subset of TalkTalk customers are stored in Ascendon,” Holloway said.
CSG, the provider of the Ascendon platform, has not yet responded to media inquiries about the breach.
This is not the first time TalkTalk has faced scrutiny over data security. In 2015, the company was fined £400,000 by the U.K.’s Information Commissioner’s Office after a data breach exposed the personal information of 157,000 customers. At the time, the ICO criticised TalkTalk for failing to implement basic cybersecurity measures, making it easy for hackers to infiltrate its systems.
As the current investigation continues, TalkTalk has assured customers that protective measures have been taken to address the issue.
