- The alleged customer information of 19 million TalkTalk customers has been discovered online
- However, the authenticity of the breach has come into question
- TalkTalk says it is investigating the claims
British broadband and TV giant TalkTalk is investigating a possible data breach after alleged customer information was found for sale on a cybercrime forum.
According to reports from The Register, the breach is suspected to have originated through a third-party vendor, and could affect up to 19 million former and current customers of TalkTalk.
The hacker who posted the data, using the handle ‘b0nd’, claims it contains personally identifiable information (PII). Here’s what we know so far.
Another Telco target
The data is said to include PII such as email addresses, full names, IP addresses, phone numbers, and subscriber PINs.
“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party supplier’s systems, however, no billing or financial information was stored on this system,” TalkTalk told The Register.
“Our security incident response team is continuing to work with the supplier regarding this matter and protective containment steps were taken immediately.”
However, the authenticity of the breach has already been called into question, largely due to the size of the dataset, which contains 18.9 million individuals’ data, significantly larger than the firm’s current customer base.
Calculations from The Register estimated that since its inception in 2003, TalkTalk has never amassed as many customers as the dataset claims to contain.
“Our investigations are ongoing, however, we can confirm that the number of potential customers referred to in certain online posts is wholly inaccurate and very significantly overstated,” TalkTalk added.
TalkTalk is unfortunately no stranger to data breaches, as it suffered a ‘significant’ cyberattack back in 2015, which led to the data of up to 150,000 of its UK-based customers being exposed, landing the firm a £400,000 GDPR fine for failing to implement “the most basic cyber security measures,” which allowed hackers to “penetrate its systems with ease.”
It’s not the only major telecommunications firm to run into difficulty lately, with up to 9 firms breached by Chinese state actors in a ‘major incident’ late in 2024.
What to do after a breach
If you think your data may have been compromised in this or any other data breach, there are a few ways you can protect yourself and mitigate any damage.
If your information has been exposed, this leaves you at risk of attackers using your data to commit identity theft, so closely monitoring your bank accounts and credit reports is crucial. Alternatively, checking out our list of best identity theft protections can simplify the process for you.
Without identity theft protection services, if you do notice any suspicious activity on your accounts, you’ll need to call your bank immediately, freeze your credit, change your passwords, and likely file police reports – which can be a rather gruelling process.
Social engineering attacks are also a concern, most often in the form of sophisticated phishing scams. Once attackers have access to your PII, they can construct scams specifically for you, posing as family members or services that you use regularly.
To protect yourself from these, the key is being vigilant. Be sure to double-check the credentials of any emails, texts, or calls you receive, especially ones which are unexpected and require action.
If you’re being offered a deal which is too good to be true or being hit with an emotional plea – be extra cautious in verifying the identity of the sender, and don’t hand your information over to someone you don’t know.
Be extremely careful when clicking links in emails, as this can lead to viruses or malware being installed on your device, and can result in further information being taken.
Data breaches are an unfortunate inevitability for anyone with an online presence, so it pays to take proactive steps to protect yourself. Making sure you have a strong password is a great way to stay secure. It is especially important not to repeat passwords across multiple sites: that way, if one password is exposed in a breach, the damage is contained to just that one site, protecting the rest of your data.
For security, a great tool is a multi-factor authentication app, which provides an extra layer of safety for any sensitive information. Yes, they can be a bit of a hassle when you’re scrambling for your phone to access the right code, but they’re a whole lot more convenient than having your bank details stolen.