ISP TalkTalk Failed to Inform 4,545 Customers of 2015 Data Breach

Wednesday, May 22nd, 2019 (10:14 am)

The fallout from a 2015 cyberattack against TalkTalk’s UK website, which exposed the personal data of 156,959 customers to hackers, appears to be continuing after a new report alleges that the broadband ISP failed to correctly inform 4,545 customers that their data had been compromised (instead they were told it was NOT exposed).

The attack resulted from a combined Distributed Denial of Service (DDoS) assault and an SQL Injection exploit against TalkTalk’s site, which enabled the hackers to access the personal data belonging to 156,959 customers (15,656 of those also had sensitive bank account details exposed).

Since then the ISP has been fined £400,000 by the ICO for its “failure to implement the most basic cyber security measures” and several of those involved in the attack have now been jailed. Meanwhile it’s believed to have cost TalkTalk around £77 million to repair and recover from the damage.

However a new investigation by the BBC’s Watchdog TV show found that personal details for a further 4,500 customers (i.e. those who were originally told that their data was safe) could still be found online via nothing more complicated than a Google search. The details included full names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers and bank details.

Until very recently the ISP was continuing to tell some of those affected that their details had not been exposed.

A TalkTalk Spokesperson said:

“The 2015 incident impacted 4% of TalkTalk customers and at the time, we wrote to all those impacted. In addition, we wrote to our entire base to inform them about the breach, advise them about the risk of scam calls and offer free credit monitoring to protect against fraud.

A recent investigation has shown that 4,545 customers may have received the wrong notification regarding this incident. This was a genuine error and we have since written to all those impacted to apologise. 99.9% of customers received the correct notification in 2015.

On their own, none of the details accessed in the 2015 incident could lead to any direct financial loss.”

Unfortunately the 2015 breach did result in many of those affected being targeted by calls and emails from fraudsters, who would have been able to use such information in order to make their scams seem more authentic (e.g. posing as bank or ISP support agents). Admittedly there have been so many huge data breaches over the past few years that linking such activity directly back to TalkTalk itself is perhaps an exercise in futility.

The data could conceivably also be used by fraudsters to sign up for other services, set up direct debits and thus purchase goods on the victim’s behalf.

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England). He also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments.
Comments
4 Responses
  1. Joe says:

    “Since then the ISP has been fined £400,000 by the ICO (here) for their “failure to implement the most basic cyber security measures” and several of those involved in the attack have now been jailed. Meanwhile it’s believed to have cost TalkTalk around £77 million to repair and recover from the damage.”

    I’m sure many IT bods reading this will shake their head with a familiar recognition. It’s astonishing how many companies – even large ones – still don’t take security seriously. Yet the costs of recovering from a breach as above dwarf any ongoing costs.

  2. Roger_Gooner says:

    All made worse by the response of the clueless Dido Harding who didn’t resign until 19 months later.

  3. StillWaitingForSuperFast says:

    So have the additional 4,545 customers been contacted now?

    As a previous TT customer, how can I tell if this affects me?

  4. Tom & Jerry says:

    @StillWaitingForSuperFast

    If you’re a previous customer like me then the answer is no. However you can tell if you’ve been affected by the amount of scam phone calls you get from Indian sounding people or robot voices saying there is a problem with your internet service and they are TalkTalk representatives who want to help you with your (non-existent) internet problem.

    We’re still getting them 3 years later after leaving TalkTalk!
