The British telecommunications powerhouse TalkTalk has announced it is probing a potential data breach following claims from a hacker regarding the theft of sensitive customer information.
A user known by the pseudonym “b0nd” posted on a well-known cybercrime forum, asserting that they had obtained the personal details of over 18.8 million current and former TalkTalk customers. This purported data, which the hacker is reportedly attempting to sell, allegedly comprises customer names, email addresses, IP addresses, phone numbers, and subscriber PINs.
In a statement provided to TechCrunch, a TalkTalk representative, Liz Holloway, verified that the company is looking into this data breach but indicated that the claim of 18.8 million compromised accounts is “completely inaccurate and greatly exaggerated.”
TechCrunch reports that TalkTalk currently has around 2.4 million active customers.
“During our routine security surveillance, and with our ongoing commitment to safeguarding customers’ personal data, we detected unusual access and misuse related to one of our third-party supplier’s systems,” Holloway informed TechCrunch. “Our Security Incident Response team is actively collaborating with the supplier on this issue, and immediate protective measures have been implemented.”
Holloway refrained from disclosing the identity of the third-party supplier, though screenshots released by b0nd indicate that the data breach may have originated from CSG’s Ascendon platform, which is employed by TalkTalk for managing subscriptions.
In a communication to TechCrunch, CSG spokesperson Kristine Østergaard acknowledged that the company became aware of an “unauthorized external access” to data from a single provider on its platform on January 21. However, she asserted that CSG has “no evidence” of any compromise to its systems or any direct responsibility for the TalkTalk breach.
According to TechCrunch, the personal information of only a limited number of TalkTalk customers is housed within Ascendon. Holloway confirmed that “no billing or financial details were stored on this system.”
Previously, TalkTalk faced a £400,000 fine following a 2015 data breach that compromised the personal information of 157,000 customers, which included some financial data. The U.K. Information Commissioner remarked at the time that TalkTalk had neglected to implement “the most basic cybersecurity measures,” making it easy for hackers to infiltrate its systems.
Updated with statement from CSG.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
