Acknowledging the alleged data breach, the renowned UK Telecom provider, TalkTalk, has initiated an investigation subsequent to a hacker’s bold claims of stealing vast quantities of customer data.
The alleged cyberattacker, known as “b0nd”, stated in a post on a high-profile online cyberspace forum that he/she has pilfered the personal data of approximately 18.8 million current and retired TalkTalk customers. The compromised data, now up for sale, reportedly includes details like customers’ names, email addresses, IP addresses, phone numbers and subscription PINs.
However, TalkTalk spokesperson Liz Holloway has dismissed the 18.8 million figure as exaggerated while confirming the data breach investigation. With its current customer base of around 2.4 million, TechCrunch gauges the posed figure as significantly inflated.
Upon detecting unexpected intrusion and misuse of one of their third-party suppliers’ systems as part of their continuous security surveillance, TalkTalk’s Security Incident Response team swung into action. “Our team took immediate containment measures,” said Holloway without revealing the identity of the third-party supplier.
Possible evidence shared by ‘b0nd’ indicates that CSG’s Ascendon platform, used by TalkTalk for subscription management, was where the data was allegedly stolen. However, only a minor fraction of TalkTalk customers’ details are stored on Ascendon. A crucial clarification made by Holloway was that “this system had no billing or financial information stored on it.”
This recent event brings back memories of the 2015 data breach, where TalkTalk was penalized £400,000 as hackers gained access to the personal data of 157,000 customers, which also included financial details. In light of this, the U.K.’s Information Commissioner had criticized TalkTalk’s negligence over implementing “basic cybersecurity measures.”
Original source: Read the full article on TechCrunch
