TalkTalk says small but significant number of customers are affected but stresses no payment details have been stolen
TalkTalk has confirmed that a “small but significant” number of customers have had their account details compromised by hackers intent on using stolen information to initiate social engineering attacks.
The ISP is contacting all of its customers to inform them of the situation but stresses that no bank account details have been accessed and that none of its business users are affected by the breach. It is unclear just how many subscribers are at risk.
The company told TechWeekEurope it became aware of an increase in scams targeting its customers late last year, with customers contacted by criminals quoting genuine account numbers in a bid to extract further information, such as bank details, from the intended victim.
TalkTalk says it has now shut down the activity and is taking action against the organisation it believes is behind the scams.
“As part of our ongoing approach to security we continually test our systems and processes and following further investigation into these reports, we have now become aware that some limited, non-sensitive information about some customers could have been illegally accessed in violation of our security procedures,” said a company spokesperson. “We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly.
“We want to reassure customers that no sensitive information like bank account details has been illegally accessed, and TalkTalk Business customers are not affected.
“We have taken serious steps to remedy this and we are continuing to work with the ICO (Information Commissioner’s Office). We want to help our customers protect themselves from scams so we are writing to all customers again to warn them about this criminal activity, with full advice, support and a reminder of the many free service TalkTalk offers to try to stop malicious scams reaching them.”
A spokesperson for the Information Commissioner’s Office said: “We are aware of a possible data breach involving TalkTalk and are making enquires into the circumstances.”