FlagThis

UK telecommunications provider, TalkTalk, is currently investigating a potential data breach following claims made on a cybercrime forum. A threat actor, using the handle "b0nd," has alleged to possess the data of nearly 19 million current and former TalkTalk customers. The investigation is in its early stages and involves a third-party supplier whose platform is believed to manage a small part of the company’s customer base. This platform, however, does not store billing details or other sensitive financial information. TalkTalk has confirmed that they are aware of the posts and that an investigation is underway with the supplier, and that immediate protective measures have been taken.

The threat actor has claimed that the data includes subscriber PINs, names, email addresses, last account access information, IP addresses, and phone numbers. However, TalkTalk believes that the reported scale of the data breach is significantly overstated. They highlight that they have never had close to 19 million customers and that the platform involved only manages a subset of their total of around 2.4 million. The company is working with the third-party supplier to determine the validity of the claims but have stated no billing or financial data was held on the third party system. TalkTalk continues to prioritize the protection of customer data and is actively addressing this matter.


References :

• Pyrzout :vm:: UK telco TalkTalk confirms probe into alleged data grab underway – Source: go.theregister.com
• ciso2ciso.com: UK telco TalkTalk confirms probe into alleged data grab underway – Source: go.theregister.com
• The Register: UK telco TalkTalk confirms probe into alleged data grab underway Spinner says crim's claims 'very significantly overstated' UK broadband and TV provider TalkTalk says it's currently investigating claims made on cybercrime forums alleging data from the company was up for grabs.…
• ciso2ciso.com: UK telco TalkTalk confirms probe into alleged data grab underway – Source: go.theregister.com
• BleepingComputer: UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum.
• go.theregister.com: UK telco TalkTalk confirms probe into alleged data grab underway
• Pyrzout :vm:: UK broadband and TV provider TalkTalk says it’s currently investigating claims made on cybercrime forums alleging data from the company was up for grabs.
• www.bleepingcomputer.com: UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum.
• techcrunch.com: TalkTalk has confirmed it’s investigating a data breach after a hacker claimed to have stolen the personal information of millions of subscribers. However, the telecoms giant says the number of customers allegedly impacted is “wholly inaccurate and very significantly overstated"
• ciso2ciso.com: TalkTalk Confirms Data Breach, Downplays Impact – Source: www.securityweek.com
• Carly Page: TalkTalk has confirmed it’s investigating a data breach after a hacker claimed to have stolen the personal information of millions of subscribers. However, the telecoms giant says the number of customers allegedly impacted is “wholly inaccurate and very significantly overstated"
• ciso2ciso.com: TalkTalk Confirms Data Breach, Downplays Impact

Classification:

• HashTags: #TalkTalk #DataBreach #Cybercrime
• Company: TalkTalk
• Target: TalkTalk Customers
• Product: TalkTalk Customer Data
• Feature: Data exfiltration
• Type: DataBreach
• Severity: Medium