UK-based phone, TV and broadband service provider TalkTalk confirmed today that its networks were breached last December. The company said that users’ personal data — including names, addresses, phone numbers and TalkTalk account numbers — was stolen.
A TalkTalk spokesperson said:
“At the end of last year, we saw an increase in malicious scammers preying on our customers. In a small number of cases, customers told us that the criminals were quoting their TalkTalk account number as well as their phone number.
As part of our ongoing approach to security we continually test our systems and processes and following further investigation into these reports, we have now become aware that some limited, non-sensitive information about some customers could have been illegally accessed in violation of our security procedures.
We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly.
We want to reassure customers that no sensitive information like bank account details has been illegally accessed, and TalkTalk Business customers are not affected.”
The stolen information was used in several cases by scammers to secure additional customer details like bank account and credit card numbers, and to steal considerable sums of money as well, according to The Guardian.
The company claims it notified all customers via email when the issue of a breach was initially raised. Customers also complained on its online forums about fraudulent calls from scammers claiming to represent TalkTalk. It has since been investigating, a spokesman said.
The Guardian had reported a possible hack at one of TalkTalk’s Indian call centers last December. The company said it was investigating the issue and confirmed that customers were complaining about cases of fraud.
TalkTalk says it has “taken serious steps to remedy this and we are continuing to work with the ICO.”