UK telecommunications firm TalkTalk has confirmed falling victim to a data breach after a threat actor boasted about the incident on a cybercrime forum.
The incident, the company told SecurityWeek in an emailed statement, involved a third-party platform and triggered immediate containment measures.
“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party supplier’s systems,” a TalkTalk spokesperson said.
The telecom provider said it was working with the third-party supplier to resolve the issue, but would not share further information, citing its ongoing investigation into the incident.
The data breach came to light after a threat actor using the name ‘b0nd’ announced on a hacker forum they were offering for sale the information of over 18.8 million TalkTalk customers, which was allegedly obtained this month.
According to the threat actor’s post, the exfiltrated information includes names, email addresses, phone numbers, IP addresses, and other information.
“Our investigations are ongoing, however we can confirm that the number of potential customers referred to in certain online posts is wholly inaccurate and very significantly overstated,” TalkTalk told SecurityWeek.
Given that TalkTalk has roughly 2.4 million customers, the 18.8 million number the threat actor was referencing was likely referring to the number of records they might have stolen.
TalkTalk did not name the third-party supplier that was involved in the incident, but it appears that the information might have been stolen from CSG’s Ascendon platform, given the screenshots shared by b0nd on the cybercrime forum and CSG disclosing a cyber incident over the weekend.
Responding to a SecurityWeek inquiry, a CSG spokesperson confirmed unauthorized access to “a single provider’s data residing on a CSG platform” and said that the company has no evidence that its systems were compromised “or that CSG was the cause of the unexpected access to the data”.
It appears that compromised login credentials might have been used to access TalkTalk’s data, but it is unclear how many individuals might be affected, as the CSG managed platform was not used to manage all TalkTalk customers.
TalkTalk previously suffered a significant data breach back in 2015. Two individuals were sentenced to prison in 2018 for that attack.
Related: Millions Impacted by PowerSchool Data Breach
Related: HPE Investigating Breach Claims After Hacker Offers to Sell Data
Related: Venture Capital Giant Sequoia Targeted in BEC Attack
Related: Conduent Confirms Cyberattack After Government Agencies Report Outages
