TalkTalk has admitted to a major breach of sensitive user information, which may have led to some customers handing over bank data to hackers.
In an email to subscribers, the company said it first saw a big increase in malicious scammers claiming to be from TalkTalk at the end of last year.
The budget telco said that – following an investigation – some of its subscriber information, such as names, addresses, phone and account numbers, could have been illegally accessed, with scammers quoting these details to customers.
Consequently, a small number may have revealed more in-depth information, such as bank details. In some of these cases we know they may be using the information they have illegally obtained, the telecoms and services provider said.
At TalkTalk we take our customers' security very seriously and we take numerous measures to help keep our customers safe. Yet sadly in every sector, criminal organisations using phone and email scams are on the rise.
As part of our ongoing approach to security we continually test our systems and processes ... following further investigation into these reports, we have now become aware that some limited, non-sensitive information about some customers could have been illegally accessed in violation of our security procedures.
We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly.
We want to reassure customers that no sensitive information, such as bank account details, has been illegally accessed, and TalkTalk Business customers are not affected.
The company said it was liaising with UK data watchdog the Information Commissioner's Office and was writing to all of its customers to offer advice about the criminal activity.
An ICO spokesperson said: “We are aware of a possible data breach involving TalkTalk and are making enquiries into the circumstances.” ®