Security Experts:

Connect with us

Hi, what are you looking for?



TalkTalk Downplays Data Breach

The recent data breach has not affected core systems and the exposed financial data cannot be used to steal money from customer accounts, U.K.-based phone and broadband services provider TalkTalk said on Sunday.

The recent data breach has not affected core systems and the exposed financial data cannot be used to steal money from customer accounts, U.K.-based phone and broadband services provider TalkTalk said on Sunday.

TalkTalk reported on Thursday that it detected a “significant and sustained” attack on its systems the previous day. The company is investigating the incident in collaboration with the Metropolitan Police’s Cyber Crime Unit and cybercrime experts.

The British telecoms company noted that while the investigation is ongoing, the attackers might have accessed customer names, addresses, dates of birth, email addresses, phone numbers, TalkTalk account data, credit and debit card information, and bank details.

In an update provided on Sunday, TalkTalk clarified that the cyberattack targeted the company’s website, not its core systems. Furthemore, the company says the attackers have not accessed TalkTalk My Account passwords, although users are advised to change them as a precaution.

As far as financial information is concerned, the company says its website does not store complete payment card details. More precisely, credit and debit card numbers possibly accessed by the cybercriminals have six middle digits blanked out, which makes them useless for financial transactions.

“We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account,” TalkTalk said.

Several individuals and groups have taken credit for the attack on TalkTalk. One of them even attempted to blackmail the company, asking roughly $122,000 in Bitcoin to prevent stolen customer data from being leaked.

According to cybercrime blogger Brian Krebs, the extortionists demonstrated that they are behind the breach by providing information from a database storing the details of 400,000 individuals who recently underwent credit checks for new service with TalkTalk.

Krebs also reported that a reputable seller announced his intention to offer the data on a Deep Web black market website called AlphaBay.

“There’s lots of speculation online. We can’t comment on this as it’s a live investigation; we continue to work with cyber-crime specialists and the police as they investigate the attack and any relevant information is being shared with the authorities,” a TalkTalk spokesperson told SecurityWeek on Friday regarding the groups that claim to possess stolen data.

Krebs learned from his sources that the hackers leveraged a SQL injection vulnerability to gain access to user data. The distributed denial-of-service (DDoS) attack that disrupted TalkTalk’s website at around the time of the breach is believed to have served as a smokescreen for other malicious activities.

“More frequently exfiltration of personal data comes on the heels of a DDoS attack, as this activity can be used to map or profile a network’s existing security defenses, pinpointing holes in security or vulnerabilities to exploit. An onslaught of DDoS attack activity follows, distracting IT personnel, overwhelming data logging tools and masking other nefarious attack attempts,” Dave Larson, CTO at Corero Network Security, told SecurityWeek. “The modern DDoS attack has become more than just a threat or impact to availability, it has evolved to a security implication.”

This is the third time TalkTalk customers have been affected by a data breach over the past year. One of the incidents affected TalkTalk directly, while the second impacted Carphone Warehouse, a company that provides services to the telecoms firm.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.