CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

TalkTalk: Details of Over 1 Million Users Accessed by Hackers

British telecoms company TalkTalk has published information regarding the details accessed by hackers in the recent data breach, and law enforcement has announced the arrest of a third suspect in the case.

British telecoms company TalkTalk has published information regarding the details accessed by hackers in the recent data breach, and law enforcement has announced the arrest of a third suspect in the case.

Shortly after launching an investigation into the incident, TalkTalk attempted to downplay the incident saying that the attackers only breached its website and not its core systems, and that the amount of data exposed is significantly smaller than initially believed.

The company has now revealed that the hackers gained access to less than 21,000 bank account numbers and sort codes, less than 28,000 credit and debit cards, and less than 15,000 dates of birth. As it stated earlier in the investigation, the payment card numbers compromised in the breach are incomplete (i.e. six middle digits are blanked out), which means fraudsters cannot use the information directly to steal money from bank accounts.

TalkTalk also reported that the attackers accessed the names, email addresses and phone numbers of less than 1.2 million customers. The data, allegedly obtained by hackers after exploiting a SQL injection vulnerability, has been reportedly sold on cybercrime forums.

All affected individuals will be contacted and informed about the type of information that has been compromised.

“As we have previously confirmed, the credit and debit card details cannot be used for financial transactions. In addition, we have shared the affected bank details with the major UK banks so they can take their usual actions to protect customers’ accounts in the highly unlikely event that a criminal attempts to defraud them,” TalkTalk said on Friday. “We also encourage you to take up the free 12 months of credit monitoring alerts with Noddle, one of the leading credit reference agencies.”

While the compromised data cannot be used directly to steal money from accounts, it can be highly useful for social engineering attacks, and now that TalkTalk told customers to expect to be contacted, such schemes could become even more successful. TalkTalk users have been warned that scammers and cybercriminals might leverage the recent incident to trick them into handing over bank details and passwords (TalkTalk says it will only ask for two digits), and installing malicious software.

The Metropolitan Police announced over the weekend the arrest of a third suspect in this case, a 20-year-old man from Staffordshire. Investigators had previously arrested a 15-year-old boy from Northern Ireland, and a 16-year-old from Feltham.

Advertisement. Scroll to continue reading.

The teens were arrested on suspicion of committing offences covered by the Computer MIsuse Act, and were later released on bail.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.

Register

Expert Insights

Related Content

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...

Cybercrime

Deepfakes, left unchecked, are set to become the cybercriminals’ next big weapon

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Cybercrime

A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile...

Cybercrime

While there are likely many different approaches, here are a few points that are important for enterprises to consider when evaluating bot solutions.