United Kingdom-based telecom giant, TalkTalk, has launched an investigation into a suspected data breach after a hacker, identified as “b0nd,” claimed to have stolen personal information belonging to millions of its customers.
The alleged hacker, in a post on a popular cybercrime forum, claimed to have exfiltrated data from more than 18.8 million current and former subscribers of TalkTalk. The compromised data reportedly includes customer names, email addresses, IP addresses, phone numbers, and subscriber PINs. The hacker is said to be offering the stolen information for sale.
Responding to the claim, TalkTalk spokesperson Liz Holloway dismissed the figure as “wholly inaccurate and very significantly overstated.” She further noted that the company currently has about 2.4 million customers and is conducting a thorough investigation to determine the scale of the breach.
Holloway stated, “As part of our regular security monitoring, and given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party suppliers’ systems. Our Security Incident Response team is working with the supplier, and protective containment steps were taken immediately.”
While the company declined to disclose the identity of the third-party supplier, evidence shared by the alleged hacker indicates that the breach originated from CSG’s Ascendon platform, which TalkTalk uses for subscription management.
Kristine Østergaard, a spokesperson for CSG, confirmed that an “external party gained unauthorized access to a single provider’s data residing on a CSG platform” on January 21. However, she stated that CSG has “no evidence” of its systems being compromised or that the breach stemmed from its platform.
TalkTalk clarified that only a small subset of customer data is stored on Ascendon and assured that no billing or financial information was affected by the breach.
This latest incident adds to TalkTalk’s troubled cybersecurity history. In 2015, the company suffered a data breach that exposed the personal information of 157,000 customers, including some financial data. The breach led to a £400,000 fine by the U.K.’s Information Commissioner, who criticized TalkTalk for failing to implement “basic cyber security measures,” which left its systems vulnerable to attack.
The company’s ongoing investigation seeks to uncover the full extent of the breach and implement measures to prevent further incidents.