U.K. telecoms giant TalkTalk has confirmed that it is investigating a data breach after a hacker claimed to have stolen the personal information of tens of millions of customers.
In a post on a popular cybercrime forum seen by information.killnetswitch, a user with the alias “b0nd” claimed to have stolen the personal data of more than 18.8 million current and former TalkTalk subscribers. This data, which the threat actor is offering for sale, supposedly includes customer names, email addresses, IP addresses, cellphone numbers, and subscriber PINs.
In a statement to information.killnetswitch, TalkTalk spokesperson Liz Holloway confirmed the company is investigating the data breach, but said the 18.8 million figure claimed by the hacker is “wholly inaccurate and really considerably overstated.”
information.killnetswitch understands that TalkTalk currently has roughly 2.4 million customers.
“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party suppliers’ systems,” Holloway told information.killnetswitch. “Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately.”
Holloway declined to name the third-party supplier, but screenshots shared by b0nd suggest the data was stolen from CSG’s Ascendon platform, which TalkTalk uses for subscription management.
In a statement sent to information.killnetswitch, CSG spokesperson Kristine Østergaard said the company learned that an “external party gained unauthorized access to a single provider’s data residing on a CSG platform” on January 21. However, she added that CSG has “no proof” that its systems were compromised or that CSG was the cause of the TalkTalk breach.
information.killnetswitch understands that the personal details of a small subset of TalkTalk customers are stored in Ascendon. Holloway confirmed to information.killnetswitch that “no billing or financial information was stored on this system.”
TalkTalk was previously fined £400,000 after a 2015 data breach in which hackers stole the personal data of 157,000 customers, including some financial information. The U.K.’s Information Commissioner said at the time that TalkTalk had failed to implement “the most basic cyber security measures,” enabling hackers to “penetrate its systems with ease.”
Updated with comment from CSG.