Fraudsters Target TalkTalk Customers After Data Breach

TalkTalk, a telecommunications and broadband company serving 4.2 million customers in the UK, confirmed this week that it has suffered a data breach, which exposed names, phone numbers, addresses and account numbers of its customers.

The company, which provides fixed line broadband, voice telephony, television and mobile services to consumers and businesses in the UK, confirmed reports that the breach originated from a third party contractor which had legitimate access to its customer accounts. The data has now apparently fallen into the hands of fraudsters who are targeting individuals with personalized scams.

The company has taken legal action against the supplier and told SecurityWeek that “proceedings are ongoing.”

TalkTalk did not name the supplier in question, but UK newspaper The Guardian reported in December that a possible data breach may have emerged from one of its Indian call centers, which now appears to be the case.

“At the end of last year, we saw an increase in malicious scammers preying on our customers,” a TalkTalk spokesperson told SecurityWeek. “In a small number of cases, customers told us that the criminals were quoting their TalkTalk account number as well as their phone number.”

After conducting an investigation, the company discovered that information about some customers had, in fact, been illegally accessed in violation of TalkTalk’s security procedures.

“We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly,” the spokesperson said.

Bank account details did not appear to be illegally accessed, and the company said that its TalkTalk Business customers were not affected.

The Guardian reported on Friday that one TalkTalk customer was taken for £2,800 by a scammer, and that his bank (Santander) refused to compensate him for the losses. 

“This is yet another reminder that a business is only as secure as the weakest link in its supply chain,” Andrew Avanessian, EVP of consultancy and technology services at Avecto, told SecurityWeek. “It is a matter of access in this case. There are still too many businesses giving third parties unnecessary access to their corporate systems, and determined attackers will use these suppliers to gain an initial foothold in the target system. Companies need to be more savvy and proactive when it comes to the supply chain.”

Attackers often exploit employees and customers with social engineering campaigns, and Avanessian warned that businesses should be ready for such attacks.

“Businesses should limit their exposure to this risk by adopting a least privilege approach to user access,” he said. “Businesses should prepare for when they are targeted, not if, and taking control of who has access to what is the obvious starting place.”

Avanessian advised that customers should also remain vigilant against such attacks and not engage in unsolicited contact that requests personal or financial information. “If they are unsure of what they are being asked they should hang up and make a call back to the company’s official number, thus confirming authenticity.”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
