TalkTalk says scale of data theft less than thought, but hackers still get more than 20,000 bank account details in cyber attack
TalkTalk has confirmed how much data was stolen in last week’s cyber attack on its website and says the theft is significantly less than originally suspected.
It had been thought all four million of the company’s customers were at risk, but TalkTalk has been keen to downplay the potential scale of the attack and defend its security arrangements.
It says less than 21,000 bank account numbers and sort codes, less than 28,000 partial card details, less than 15,000 dates of birth and less than 1.2 million email addresses, names and phone numbers were stolen.
Customers have been told the data stolen is not sufficient for criminals to steal money and has shared all affected account details with the UK’s major banks. It has urged those affected to remain vigilant for phishing scams and has offered 12 months free credit monitoring.
“Given the potential size of this attack, we decided to be as open, honest and transparent as we could because we wanted to keep our customers informed and ensure they had the advice and support they need,” explained TalkTalk CEO Dido Harding. “Today we can confirm that the scale of attack was much smaller than we originally suspected, but this does not take away from how seriously we take what has happened and our investigation is still on going.
“On behalf of everyone at TalkTalk, I would like to apologise to all our customers. We know that we need to work hard to earn back your trust and everyone here is committed to doing that.”
TalkTalk has received ransom demands from those claiming to be responsible for the attack, but it is unclear who has been the perpetrator. Two teenagers have so far been arrested in connection with the incident but neither has yet been charged.
The Metropolitan Police Cyber Crime United (MPCCU) and the Information Commissioner’s Office are investigating.