TalkTalk, a major UK telecommunications company, is currently probing a data breach incident involving a third-party supplier’s systems.
The data breach was discovered on January 21, 2025, after a hacker, using the alias “b0nd,” attempting to sell on a cybercrime forum, stolen personal information of 18.8 million TalkTalk customers, which included names, email addresses, IP addresses, phone numbers, and subscriber PINs. However, TalkTalk spokesperson, Liz Holloway, firmly rejected the hacker’s assertion that the number of customers affected mentioned by the hacker, is “wholly inaccurate and very significantly overstated,” and that only 2.4 million customer accounts were compromised.
“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party suppliers’ systems. Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately.” Holloway further stated.
TalkTalk has not identified the third-party supplier involved in the breach. However, it seems likely that the data was taken from CSG’s Ascendon platform, based on screenshots posted by “b0nd” on a cybercrime forum and CSG’s recent disclosure of a cyber incident over the weekend.
TalkTalk and CSG have taken steps to mitigate the breach. The affected systems have been secured, and both companies are working with cybersecurity experts to investigate the incident. TalkTalk has assured customers that no billing or financial information was compromised and has advised them to remain vigilant about any suspicious activity.
#CyTech #cybernews #cybersecurity #ciso #cisoworkplace #databreach #TalkTalk #CSG
Leave a Reply