TalkTalk Data Breach Investigation | Customer Data Theft Claim

TalkTalk Investigates Potential Data Breach Affecting Customer Information

TalkTalk, a leading telecommunications provider in the U.K., has acknowledged an ongoing investigation into a potential data breach. This follows a claim made by a hacker regarding the theft of personal data belonging to a substantial number of its customers.

Hacker Claims Data Theft

An individual identifying as “b0nd” posted on a prominent cybercrime forum, as reported by TechCrunch. The post alleges the acquisition of personal data from over 18.8 million current and former TalkTalk subscribers.

The data purportedly includes sensitive information such as customer names, email addresses, IP addresses, phone numbers, and subscriber PINs. The threat actor is reportedly offering this data for sale.

TalkTalk's Response

TalkTalk spokesperson Liz Holloway confirmed the investigation in a statement to TechCrunch. However, the company disputes the hacker’s claim of 18.8 million affected individuals, characterizing the figure as “wholly inaccurate and very significantly overstated.”

Current estimates indicate TalkTalk serves approximately 2.4 million customers.

“We became aware of unauthorized access and misuse of systems belonging to one of our third-party suppliers during routine security monitoring,” Holloway explained. “Our Security Incident Response team is actively collaborating with the supplier, and immediate containment measures were implemented.”

Third-Party Supplier Involved

While Holloway refrained from disclosing the supplier’s name, evidence shared by “b0nd” suggests the breach originated from CSG’s Ascendon platform. TalkTalk utilizes this platform for managing subscriptions.

CSG's Statement

CSG spokesperson Kristine Østergaard stated that the company detected unauthorized access to data hosted on a CSG platform by an external party on January 21. However, CSG maintains it has “no evidence” of compromised systems or direct responsibility for the TalkTalk breach.

It is understood that a limited portion of TalkTalk customer details are stored within Ascendon. Holloway confirmed that no billing or financial information was present on this particular system.

Previous Data Breach

TalkTalk faced a £400,000 fine following a 2015 data breach. This earlier incident involved the theft of personal data, including some financial details, from 157,000 customers.

The U.K.’s Information Commissioner criticized TalkTalk at the time, citing a failure to implement fundamental cybersecurity protocols. This lack of security allowed hackers to easily infiltrate their systems.

This article has been updated to include a statement from CSG.