Hack compromised the details of ‘only’ 157,000 customers, not four million as originally thought
TalkTalk has scaled down its estimate of the number of customers whose details were compromised by the damaging website hack that it suffered last month.
The company now says that the total number of customers whose personal details were accessed is 156,959, and that of these , 15,656 bank account numbers and sort codes were accessed; and 28,000 obscured credit and debit card numbers were accessed (but these cannot be used for financial transactions).
The remaining stolen customer details include names, addresses, date of birth, telephone number and email addresses. However the ISP insisted that TalkTalk My Account passwords were not accessed during the hack.
TalkTalk’s website was hacked on Wednesday 21 October, and it was initially thought that four million customer details had been compromised.
TalkTalk later scaled down this estimate and said that less than 21,000 bank account numbers and sort codes, less than 28,000 partial card details, less than 15,000 dates of birth and less than 1.2 million email addresses, names and phone numbers had been stolen.
But the ISP now says that following investigations by its own team and the Metropolitan Police, it can now confirm that the total number of customers whose personal details were accessed is 156,959.
“Our ongoing forensic analysis of the site confirms that the scale of the attack was much more limited than initially suspected, and we can confirm that only 4 percent of TalkTalk customers have any sensitive personal data at risk,” said the ISP. “However, we continue to advise customers to be vigilant, and to take all precautions possible to protect themselves from scam phone calls and emails.”
“We have now contacted all customers who have had financial details accessed, reiterating our advice on what to do to keep themselves safe,” said TalkTalk. “The financial information accessed cannot on its own lead to financial loss. We will be contacting all other affected customers in the coming days.”
The repercussions from the TalkTalk hack continue to be felt, weeks after the cyber attack.
Earlier this week, MPs on the Culture, Media and Sport Committee announced they will hold an inquiry into cyber security following the TalkTalk website hack.
Meanwhile a fourth suspect has been released on bail after detectives from the Metropolitan police cybercrime unit and officers from the National Crime Agency arrested a 16-year-old boy in Norwich.
Are you a security pro? Try our quiz!