Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

TalkTalk: Details of Over 1 Million Users Accessed by Hackers

British telecoms company TalkTalk has published information regarding the details accessed by hackers in the recent data breach, and law enforcement has announced the arrest of a third suspect in the case.

British telecoms company TalkTalk has published information regarding the details accessed by hackers in the recent data breach, and law enforcement has announced the arrest of a third suspect in the case.

Shortly after launching an investigation into the incident, TalkTalk attempted to downplay the incident saying that the attackers only breached its website and not its core systems, and that the amount of data exposed is significantly smaller than initially believed.

The company has now revealed that the hackers gained access to less than 21,000 bank account numbers and sort codes, less than 28,000 credit and debit cards, and less than 15,000 dates of birth. As it stated earlier in the investigation, the payment card numbers compromised in the breach are incomplete (i.e. six middle digits are blanked out), which means fraudsters cannot use the information directly to steal money from bank accounts.

TalkTalk also reported that the attackers accessed the names, email addresses and phone numbers of less than 1.2 million customers. The data, allegedly obtained by hackers after exploiting a SQL injection vulnerability, has been reportedly sold on cybercrime forums.

All affected individuals will be contacted and informed about the type of information that has been compromised.

“As we have previously confirmed, the credit and debit card details cannot be used for financial transactions. In addition, we have shared the affected bank details with the major UK banks so they can take their usual actions to protect customers’ accounts in the highly unlikely event that a criminal attempts to defraud them,” TalkTalk said on Friday. “We also encourage you to take up the free 12 months of credit monitoring alerts with Noddle, one of the leading credit reference agencies.”

While the compromised data cannot be used directly to steal money from accounts, it can be highly useful for social engineering attacks, and now that TalkTalk told customers to expect to be contacted, such schemes could become even more successful. TalkTalk users have been warned that scammers and cybercriminals might leverage the recent incident to trick them into handing over bank details and passwords (TalkTalk says it will only ask for two digits), and installing malicious software.

Advertisement. Scroll to continue reading.

The Metropolitan Police announced over the weekend the arrest of a third suspect in this case, a 20-year-old man from Staffordshire. Investigators had previously arrested a 15-year-old boy from Northern Ireland, and a 16-year-old from Feltham.

The teens were arrested on suspicion of committing offences covered by the Computer MIsuse Act, and were later released on bail.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Cybercrime

Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam.

Application Security

After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple...

Cybercrime

Spanish and US authorities have dismantled a cybercrime ring that defrauded victims of more than $5.3 million.

Application Security

Software maker Adobe has rolled out its first batch of security patches for 2023 with fixes for at least 29 security vulnerabilities in a...