TalkTalk has finally provided some information on the amount and type of information breached in last week's cyber attack, downplaying the size of the incident.
"[Our] responsibility last week was to inform all customers as quickly as possible" began the company's statement, despite the thorough lack of expedition in the company's initial response to the breach, as covered by The Register.
TalkTalk has attempted to downplay the actual size of the breach, stating that "the extent of the data accessed is significantly less than originally suspected".
Round figures released today by TalkTalk explained what the breach was comprised of:
- Less than 21,000 unique bank account numbers and sort codes
- Less than 28,000 obscured credit and debit card details (as previously stated, the middle 6 digits had been removed)
- Less than 15,000 customer dates of birth
- Less than 1.2 million customer email addresses, names and phone numbers
TalkTalk maintains that "the credit and debit card details cannot be used for financial transactions" and states that it has "shared the affected bank details with the major UK banks so they can take their usual actions to protect customers' accounts in the highly unlikely event that a criminal attempts to defraud them".
The Register has created a timeline of TalkTalk's contradictory comments following on from the initial announcement of a website outage.