Home
 » ISP News » 
Sponsored

UK ISP TalkTalk Admits Illegal Customer Data Breach Fuelled Scam Calls

Friday, February 27th, 2015 (8:29 am) - Score 4,055
fire_extinguisher

Low cost broadband and phone provider TalkTalk could be facing a fine from the Information Commissioner’s Office (ICO) after they finally coughed up to a serious customer data breach, which last year caused some of their subscribers to be hit by a spate of Indian-based scam callers.

Admittedly scam calls themselves are nothing new and at some point most of us will have picked up the phone only to be faced with just such a call, often one that claims to require our personal / financial details or which asks you to perform some sort of task on your computer. Calls like this are cleverly crafted, often exhibiting good knowledge of the business they’re impersonating, and adopt various tricks to encourage you to part with your data.

The same might have been true of the scammers that last year targeted TalkTalk customers, many of which claimed to be engineers for the ISP, at least that would have been the case were it not for the fact that they appeared to know an awful lot about their intended targets and related user accounts.

In TalkTalk’s case many of the scam callers said that they wanted to remove a virus/problem from the customer’s computer (the method they propose usually does the opposite) and then proceeded to read out their targets account number, name, phone number and postal address for verification. It’s likely that they could have found the address and name via public sources, but the account number? We note that some customers of BT also received similarly detailed scam calls during early 2014.

At the time TalkTalk said they would investigate and noted that they had “no concrete evidence of a data breach“. Several months have since passed and this week the ISP suddenly began sending out a notice to warn customers about the dangers of scam callers, although those emails don’t include all of the details that can be found on their website.

TalkTalk Statement

We know some customers are currently being targeted by criminal scammers claiming to be from TalkTalk who have obtained their account and phone number. After further investigation, we’ve become aware that some limited information we have about some of our customers could have been accessed in violation of our security procedures.

We have reported the matter to the Information Commissioner’s Office [ICO] and we’re liaising with them and other official bodies, because unfortunately it is not only our customers who are being targeted by scammers.”

According to TalkTalk, a “detailed investigation” revealed that some customer information, including account numbers (note: no financial or date of birth data was compromised), appears to have been “illegally accessed in violation of our security procedures“. The ISP also claims to be working with an “external specialist security company to take urgent and serious steps to prevent this happening again“. Sadly they wouldn’t share how the breach happened, although if the ICO publishes a report then we may eventually find out.

TalkTalk now claims to have put “every possible measure” in place to try and stop this from happening again. The ISP has also advised customers to take extra care when anybody rings or emails them claiming to be from TalkTalk. The ISP said they would “NEVER” call customers and use an account number to identify you or prove that the call is genuine. The ISP also said they wouldn’t ask you to provide bank details (without specific prior permission), download software on to your computer or demand your account password.

The move to inform customers about all this appears to have been cleverly timed to coincide with the Government’s move this week to introduce tougher measures for tackling nuisance calls and thus it very nearly slipped under our radar, since many other businesses and ISPs have also been putting out similar advisories (most are merely educational). TalkTalk also run their own nuisance call reporting service, although ironically the ISP has in the past been the subject of complaints for making its own such calls (here).

As a rule it’s always wise to ignore any requests for personal or financial details over the phone (unless you’re the one making the call) and, after replacing the handset, always leave the phone for a good 15 minutes+ before calling-out again to a known / legitimate number in case the scammer is still hanging on to the end of your line (BT have separately made some changes to combat this).

Add to Diigo
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
15 Responses
  1. Avatar Bob2002

    TalkTalk still seems to be leaking customer details –

    “At 19:40pm tonight I received a call from a man who said he was from TalkTalk, gave my name & address & also correctly informed me regarding my 1st order had been cancelled due to my existing landline number migration.

    @mickeyd Yes i had only signed up on the 15th of this month so they seemed to have my info very fast.”

    http://community.talktalk.co.uk/t5/Scam-Calls/Another-scam-phone-call/m-p/1613428#U1613428

  2. Avatar hmmm

    TT and there lies wouldn’t trust them they services are a shambles like the company want manages the lines ripoff Britain

  3. Avatar Claire

    Considering their customer services are outsourced to the likes of LBM, there may be a bit ofinvestigating to correctly determine where the breach is coming from.

    This is one of the problems of outsourcing, particularly where customer data is the commodity being collated, stored, and ultimately sold.

  4. Avatar Thomas

    Wednesday 24th June – 3 separate calls from scammers claiming to be Talk Talk and that my computer had a virus, blah, blah, blah.
    Scary as they had my Talk Talk account number! The second scammer got very annoyed (I was playing dodgy sound effects to him) he told me quote – ‘F••• Off, we going to steal all your money’ before hanging up. As a result, I spent half an hour on the phone to Talk Talk who did nothing – the rep even had the cheek to try to up-sell me another package for a furtther 18 months contract. I hate Talk Talk – idiots!

    • Avatar John Greene

      I just had this today and talk talk tried to get me to upgrade with a new package too,bastards.

  5. Avatar Vin

    The Talk-Talk scam is still going on. A few weeks ago I reported a fault and within days the scammers were calling with with full details of the fault as well as my account details. I almost fell for it but realised what they were up to when the mentioned giving me an online refund as compensation. Reported the matter to Talk-Talk and was sent back a ‘full and final email’ containing the usual waffle but basically doing nothing. I’ve now read about this in so many forums covering a long period of time that it’s clear Talk-Talk don’t really care about its customers’ security so I’ll be changing supplier.

  6. Avatar peggy

    Getting two/three phone calls per day for well over a week now – talk talk have a load of general information on the internet about this – no effort it seems to put a stop to this as I can see it goes back months.

  7. Avatar Rachel

    Yesterday I was called from TalkTalk apparently ,also quoting my account number and my full name. They said that the talktalk security software needed to be updated. I am an intelligent woman and yet because of the account number being quoted I believed them.

    The long and the short of it is that they took £1750 from a bank account of mine. Luckily I spotted and rang the bank’s fraud team. The money has since been returned to my account this morning.

    I tried to talk to talk talk but got an online chat (typing. Experience) and was told that someone from their legal team would call back. They did not! I agree they do not appear to care about their customers.

    This whole experience has scarred me and left me feeling physically shaken and humiliated . The perpretators should be sent to jail for a long time.

    I will also be changing internet providers .

    • Avatar John Greene

      Had exactly the same as you today,£470 in my case. I told my back straight away,so i only have any hope now because you say you got yours back. But from what i am reading i think you may have been extremely lucky. Or maybe because you acted quick,as i did,so i will hope and see what happens.

  8. Avatar alan moore

    re.rachels comment 30/7/15,i had the same happen to me 3/8/15, i had reported a problem to tt 30/6/15, the sent a text confirming they were looking into the problem,on the 3/8/18 i had a call from tt( i had assumed},saying they were going to sort out the problem, this person by the way was the scammer,it was a bit of a coincidence they were giving me the same info. as the tt text,you draw your own conclusions from that one,when i reported it to tt they were not interested,i have come to the conclusion that tt could not care less and i am about to move on to another provider

  9. Avatar Simon

    Must have had at least a dozen of these calls. Point is that they know your account number but try asking them for your (TalkTalk)email address and they make some excuse for not being able to gain access to it. After that the scammer usually gets cross and hangs up!
    Ought to invest in a call-blocker but have to confess to stringing these cretins along and then insulting them with profanities.

  10. Avatar GC

    Same scam at my mother’s yesterday. Got in to the PC, didn’t get her to enter her bank details, but now the PC is locked and needs formatting. Who knows how much personal info has been compromised with consequential loss and damage as yet unrealised? Again they called just after she had been speaking to Talk Talk. Seems logical to infer that the scammers have either a mole inside Talk Talk or its subcontractors, or they have some sort of data ‘pipe’ into Talk Talk’s I.T. systems, or both. Either way this has obviously been going on for some time, long enough for Talk Talk to be liable. Has anyone claimed damages or sued them? This might be time to start a class action lawsuit – does anyone know if this is happening or how to get the ball rolling?

  11. Avatar Talk too much

    Aug 17: still going on. Within 5 mins of husband paying bill today he got a calll from someone claiming to be taltalk. Unfortunately he was drawn in by talk of talktalk having found problems on line and needing to connect and run diagnostics. They knew which bank we used to pay bill. He was then shown how there was an issue and offered £200 compensation. The guy showed him screen to see £200 had been transferred , then whoops, a mistake we’ve paid you £4000 in error! Pay us back by money gram. Husband still didn’t click, offered to wire it back to talktalk. They were on the call for ~50 mins by then so god knows what they’d been accessing by that time under the guise of diagnostics. Luckily when husband called bank to find out why he couldn’t wire money back , bank was on the ball and stopped the scam. Tonight we’re now having to clean computer and change all passwords and calling banks. Talktalk were nice, sympathetic but entirely unable to tell me how the hell scammers knew what bank we banked with- somehow they are getting this information.

  12. Avatar Debbie Hart

    This happened to me yesterday and I feel such an idiot for falling for it. Same story as everyone else really, they called, I believed them, they gained access to my pc. I was on phone to them for over an hour getting more cross and stressed as I was sure it was a scam, but for some reason I carried on. They “accidentally” credited my account with £600 and then wanted me to transfer it back via moneygram. I hung up immediately. Called my bank straight away to block internet banking, have reformatted the laptop etc. Don’t feel safe, now need to change all passwords and never answer my landline again!

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £21.00 (*25.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: £50 Shopping Voucher
  • TalkTalk £21.95 (*36.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited (FUP)
    Gift: None
  • Post Office £22.90 (*37.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • Direct Save Telecom £22.95 (*29.95)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2533)
  2. FTTP (2254)
  3. FTTC (1676)
  4. Building Digital UK (1616)
  5. Politics (1444)
  6. Openreach (1432)
  7. Business (1258)
  8. Statistics (1110)
  9. FTTH (1105)
  10. Mobile Broadband (1056)
  11. Fibre Optic (978)
  12. Ofcom Regulation (922)
  13. 4G (918)
  14. Wireless Internet (917)
  15. Virgin Media (870)
  16. EE (602)
  17. Sky Broadband (600)
  18. TalkTalk (586)
  19. Vodafone (532)
  20. 3G (417)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact