TalkTalk Customer Details Exposed in Data Breach

U.K.-based phone and broadband services provider TalkTalk informed customers on Thursday that their personal and financial information might have been accessed by malicious actors.

TalkTalk said it detected a “significant and sustained” attack on its systems on Wednesday, October 21. The telecoms firm is working with cybercrime experts and the Metropolitan Police’s Cyber Crime Unit to investigate the incident.

The company says it’s too early to provide information on who might be behind the attack and the methods used by the attackers. An initial analysis revealed that the attackers might have accessed names, addresses, dates of birth, email addresses, phone numbers, TalkTalk account data, credit card details, and bank account information. The company says not all data was encrypted.

TalkTalk has reported the incident to the Information Commissioner’s Office (ICO), and contacted major banks to ensure that they will monitor its customers’ accounts for suspicious activity. The company plans on offering affected individuals one year of free credit monitoring services.

The company has warned customers about the malicious activities that might emerge following the data breach, including phishing scams targeting account information and bank details, and attempts to trick users into downloading malicious software on their computers.

“TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations,” TalkTalk CEO Dido Harding said in a statement. “We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here.”

Harding told the BBC that she received a ransom demand via email from someone claiming to be the hacker.

Some individuals have also published data records allegedly stolen from TalkTalk, but the company has refused to confirm or deny their validity, citing the ongoing investigation.

“There’s lots of speculation online. We can’t comment on this as it’s a live investigation; we continue to work with cyber-crime specialists and the police as they investigate the attack and any relevant information is being shared with the authorities,” a TalkTalk spokesperson told SecurityWeek.

This is the third time TalkTalk customers have been affected by a data breach in the past year. In February, the company confirmed that it had suffered a data breach in which clients’ names, phone numbers, addresses, and TalkTalk account numbers had been compromised. The breach came to light after the company noticed a spike in the number of fraud attempts aimed at its customers.

In August, 480,000 TalkTalk users were affected by a breach suffered by a division of the U.K.-based mobile phone retailer Carphone Warehouse, which provides services, among others, to TalkTalk.

Users visiting TalkTalk’s website might have ended up with malware on their computers last month after cybercriminals tricked advertising networks into pushing their malicious ads as part of a malvertising campaign that went largely undetected for three weeks. The ads reached several high-traffic websites, including the main TalkTalk site, which has over 11 million monthly visits.

“Even though TalkTalk mentions that the attack happened yesterday, there are reasons to assume that the attack has lasted longer than just the past 24 hours,” Wim Remes, Strategic Services Manager EMEA for Rapid7, told SecurityWeek. “The data was released by the attackers yesterday, that is all we can derive from what we know now. There is no need to speculate how the attackers got in, what they were after, and what their motivations are.”

“Attribution, in my opinion, is a zero sum game and I am confident that TalkTalk will share that information once they have connected all the dots,” Remes added. “What I think is important to emphasize is TalkTalk’s very strong focus on clear communication. The CEO is the person representing the company to its stakeholders in times of distress without hiding the issues. They were breached, they are working on finding out what happened, and in the meantime here is the CEO talking clearly and without hesitation about what customers can expect from them. This is literally rule number one of incident response and one that is often forgotten once a breach happens.”

*Updated with commentary from Rapid7 and response from TalkTalk regarding the leaked data

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
