U.Ok. telecoms large TalkTalk has confirmed that it’s investigating an information breach after a hacker claimed to have stolen the non-public data of thousands and thousands of consumers.
In a publish on a well-liked cybercrime discussion board seen by TechCrunch, a person utilizing the alias “b0nd” claimed to have stolen the non-public information of greater than 18.8 million present and former TalkTalk subscribers. This information, which the risk actor is providing on the market, supposedly consists of buyer names, e mail addresses, IP addresses, telephone numbers and subscriber PINs.
In a press release to TechCrunch, TalkTalk spokesperson Liz Holloway confirmed the corporate is investigating the info breach, however stated the 18.8 million determine claimed by the hacker is “wholly inaccurate and really considerably overstated.”
TechCrunch understands that TalkTalk at present has roughly 2.4 million clients.
“As a part of our common safety monitoring, given our ongoing deal with defending clients’ private information, we have been made conscious of surprising entry to, and misuse of, certainly one of our third-party suppliers’ techniques,” Holloway informed TechCrunch. “Our Security Incident Response workforce are persevering with to work with the provider relating to this matter and protecting containment steps have been taken instantly.”
Holloway declined to call the third-party provider, however screenshots shared by b0nd counsel the info was stolen from CSG’s Ascendon platform, which TalkTalk makes use of for subscription administration.
In a press release despatched to TechCrunch, CSG spokesperson Kristine Østergaard stated the corporate discovered that an “exterior social gathering gained unauthorized entry to a single supplier’s information residing on a CSG platform” on January 21. However, she added that the CSG has “no proof” that its techniques have been compromised or that CSG was the reason for the TalkTalk breach.
TechCrunch understands that the non-public particulars of a small subset of TalkTalk clients are saved in Ascendon. Holloway confirmed to TechCrunch that “no billing or monetary data was saved on this technique.”
TalkTalk was beforehand fined £400,000 after a 2015 information breach through which hackers stole the non-public information of 157,000 clients, together with some monetary data. The U.Ok.’s Information Commissioner stated on the time that TalkTalk had did not implement “probably the most fundamental cyber safety measures,” enabling hackers to “penetrate its techniques with ease.”
Updated with remark from CSG.
