The British telecommunications giant Talkalk has confirmed that he is investigating a data violation after a computer pirate claimed to have stolen the personal information of millions of clients.
In a publication in a popular cybercrime forum seen by britcommerce, an individual who used the alias “B0nd” said he had stolen the personal data of more than 18.8 million current and previous subscribers of Talktalk. These data, which the threat actor offers for sale, supposedly include customer names, email addresses, IP addresses, telephone numbers and subscriber pin.
In a statement to britcommerce, Talktalk spokeswoman Liz Holloway, confirmed that the company is investigating data violation, but said that the 18.8 million figure claimed by the hacker is “totally inaccurate and very exaggerated.”
britcommerce understands that TalkTalk currently has approximately 2.4 million customers.
“As part of our regular security monitoring, given our continuous approach to protecting customer data, they informed us about unexpected access and improper use of one of the systems of our external suppliers,” Holloway told britcommerce. “Our safety incident response team continues to work with the supplier with respect to this matter and immediate containment protective measures were taken.”
Holloway refused to appoint the external supplier, but the screenshots shared by B0ND suggest that the data were stolen from the Ascendon of CSG platform, which TalkTalk uses for subscription management.
CSG did not immediately answer britcommerce’s questions.
britcommerce understands that the personal data of a small subset of Talktalk customers are stored in Ascenon. Holloway confirmed to britcommerce that “no financial or billing information was stored in this system.”
Talktalk previously received a fine of £ 400,000 after a data violation in 2015 in which computer pirates stole the personal data of 157,000 clients, including certain financial information. The United Kingdom information commissioner said at that time that Talkalk had not implemented “the most basic cyber security measures”, which allowed computer pirates “to penetrate their systems easily.”