» ISP News » 
Sponsored Links

UK ISP TalkTalk Admits Illegal Customer Data Breach Fuelled Scam Calls

Friday, Feb 27th, 2015 (8:29 am) - Score 4,146

Low cost broadband and phone provider TalkTalk could be facing a fine from the Information Commissioner’s Office (ICO) after they finally coughed up to a serious customer data breach, which last year caused some of their subscribers to be hit by a spate of Indian-based scam callers.

Admittedly scam calls themselves are nothing new and at some point most of us will have picked up the phone only to be faced with just such a call, often one that claims to require our personal / financial details or which asks you to perform some sort of task on your computer. Calls like this are cleverly crafted, often exhibiting good knowledge of the business they’re impersonating, and adopt various tricks to encourage you to part with your data.

The same might have been true of the scammers that last year targeted TalkTalk customers, many of which claimed to be engineers for the ISP, at least that would have been the case were it not for the fact that they appeared to know an awful lot about their intended targets and related user accounts.

In TalkTalk’s case many of the scam callers said that they wanted to remove a virus/problem from the customer’s computer (the method they propose usually does the opposite) and then proceeded to read out their targets account number, name, phone number and postal address for verification. It’s likely that they could have found the address and name via public sources, but the account number? We note that some customers of BT also received similarly detailed scam calls during early 2014.

At the time TalkTalk said they would investigate and noted that they had “no concrete evidence of a data breach“. Several months have since passed and this week the ISP suddenly began sending out a notice to warn customers about the dangers of scam callers, although those emails don’t include all of the details that can be found on their website.

TalkTalk Statement

We know some customers are currently being targeted by criminal scammers claiming to be from TalkTalk who have obtained their account and phone number. After further investigation, we’ve become aware that some limited information we have about some of our customers could have been accessed in violation of our security procedures.

We have reported the matter to the Information Commissioner’s Office [ICO] and we’re liaising with them and other official bodies, because unfortunately it is not only our customers who are being targeted by scammers.”

According to TalkTalk, a “detailed investigation” revealed that some customer information, including account numbers (note: no financial or date of birth data was compromised), appears to have been “illegally accessed in violation of our security procedures“. The ISP also claims to be working with an “external specialist security company to take urgent and serious steps to prevent this happening again“. Sadly they wouldn’t share how the breach happened, although if the ICO publishes a report then we may eventually find out.

TalkTalk now claims to have put “every possible measure” in place to try and stop this from happening again. The ISP has also advised customers to take extra care when anybody rings or emails them claiming to be from TalkTalk. The ISP said they would “NEVER” call customers and use an account number to identify you or prove that the call is genuine. The ISP also said they wouldn’t ask you to provide bank details (without specific prior permission), download software on to your computer or demand your account password.

The move to inform customers about all this appears to have been cleverly timed to coincide with the Government’s move this week to introduce tougher measures for tackling nuisance calls and thus it very nearly slipped under our radar, since many other businesses and ISPs have also been putting out similar advisories (most are merely educational). TalkTalk also run their own nuisance call reporting service, although ironically the ISP has in the past been the subject of complaints for making its own such calls (here).

As a rule it’s always wise to ignore any requests for personal or financial details over the phone (unless you’re the one making the call) and, after replacing the handset, always leave the phone for a good 15 minutes+ before calling-out again to a known / legitimate number in case the scammer is still hanging on to the end of your line (BT have separately made some changes to combat this).

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook and .
Search ISP News
Search ISP Listings
Search ISP Reviews

Comments are closed

Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
Gift: None
Virgin Media UK ISP Logo
Virgin Media £26.00
Gift: None
Shell Energy UK ISP Logo
Shell Energy £26.99
Gift: None
Sky Broadband UK ISP Logo
Gift: None
Plusnet UK ISP Logo
Plusnet £27.99
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
Gift: None
YouFibre UK ISP Logo
YouFibre £19.99
Gift: None
Community Fibre UK ISP Logo
Gift: None
BeFibre UK ISP Logo
BeFibre £21.00
Gift: £25 Love2Shop Card
Hey! Broadband UK ISP Logo
Gift: None
Large Availability | View All
The Top 15 Category Tags
  1. FTTP (5525)
  2. BT (3518)
  3. Politics (2541)
  4. Openreach (2298)
  5. Business (2264)
  6. Building Digital UK (2246)
  7. FTTC (2044)
  8. Mobile Broadband (1975)
  9. Statistics (1789)
  10. 4G (1666)
  11. Virgin Media (1621)
  12. Ofcom Regulation (1463)
  13. Fibre Optic (1395)
  14. Wireless Internet (1390)
  15. FTTH (1382)

Helpful ISP Guides and Tips


Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact