Budget Broadband ISP TalkTalk Probes Possible UK Data Breach
Customers of debt-troubled UK internet provider TalkTalk have been given an uncomfortable reminder of the 2015 cyberattack (here), which came after the ISP admitted that it was “investigating” reports on a cybercrime forum that alleged the provider had suffered a new data breach.
According to The Register, a member of the forum claimed that personal data belonging to 18.8 million current and former customers of TalkTalk had been leaked, including – subscriber PINs, first and last names, email addresses, information about customers’ last account access, IP addresses, business and home phone numbers. But no financial details appear to have been exposed.
The breach, which allegedly took place last month, is said to have occurred in an external third-party supplier that is used by TalkTalk. But doubts have also been cast over the figure of 18.8m customers, not least since the provider currently only has 3.6 million customers (including residential, business and wholesale etc.).
Advertisement
However, even accounting for past customers, it would still be a struggle to reach 19m, and that’s before we consider the requirement of data protection laws to erase old data (exemptions do sometimes apply). But debates over the scale of the breach may be at risk of distracting from the negative impact of the alleged breach itself, regardless of how many customers it may involve.
A Spokesperson for TalkTalk said:
“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party supplier’s systems, however, no billing or financial information was stored on this system.
Our security incident response team is continuing to work with the supplier regarding this matter and protective containment steps were taken immediately. Our investigations are ongoing, however, we can confirm that the number of potential customers referred to in certain online posts is wholly inaccurate and very significantly overstated.”
As it stands, TalkTalk are still in the early stages of investigating the claim and cannot yet confirm whether any personal data has in fact been breached, although the above statement does appear to hint in that direction. At this point it probably goes without saying that this is the last thing the provider and their customers need, particularly given their recent financial woes.
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.
« Police Arrest After Protestors Cut Vital Fibre Optic Cables in UK Cities
Advertisement
Leave a Reply
Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your entries for comment content, display name, IP and email in our database, for as long as the post remains live.
Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.
Latest UK ISP News
- FTTP (6150)
- BT (3691)
- Politics (2777)
- Business (2481)
- Openreach (2446)
- Building Digital UK (2364)
- Mobile Broadband (2200)
- FTTC (2094)
- Statistics (1951)
- 4G (1856)
- Virgin Media (1811)
- Ofcom Regulation (1615)
- Fibre Optic (1490)
- Wireless Internet (1477)
- 5G (1453)
Not sure I would class TalkTalk as a budget ISP with their predatory price increases each April, but everyone seems to do them
It is cheaper, relatively speaking, at least the point of sale.
My parents still insist on having unlimited calls to landlines and mobiles, even though they have that perk on their £1/month mobile SIMs. And for that feature alongside part-fibre internet access, I’ve found no-one cheaper to move them to, compared to what I haggle with them at renewal time.
But I agree with you that it is not cheap.
I still use BT!
It could also include non-customers who provided details to initiate a sale but didn’t take out a package. Address & phone number is collected just to quote/speed check before other info like name/dob is collected. I suspect they collect and use that for warm prospecting, likely keeping it in the same database as full customers.
I have suspected foul play for years. Approximately two weeks after contacting TalkTalk I would receive several unsolicited,junk calls to my ex-directory landline and mobile phones.
They keep outsourcing their customer service to third-world nations, even though they are in the same building as those people pending to be Microsoft to scam people’s credit cards. Yet they then act shocked when there are nonstop data breaches. Is this the third one now in two years?
Shouldn’t have moved everything to Durban for 3 months then fire everyone in Durban. They were desperate for money and impossible to train.
Or got rid of us lot that were once directly employed by Talktalk in Preston. The Qube password for the entire office was Preston1! I kid you not, all of us used the same login, no wonder data breaches happen..
Yea, Roll on the UK, after 20+ years, having to go soemwhere like Sarbanes Oxley in controlling data access & change.
Controll of PII needs a simmilar overhaul, and severe penalties on the board (and shareholders) for any failures.