U.K. telecoms giant TalkTalk has confirmed that it is investigating a data breach after a hacker claimed to have stolen the personal information of millions of customers.
In a post on a popular cybercrime forum seen by TechCrunch, an individual using the alias “b0nd” claimed to have stolen the personal data of more than 18.8 million current and former TalkTalk subscribers. This data, which the threat actor is offering for sale, supposedly includes customer names, email addresses, IP addresses, phone numbers and subscriber PINs.
In a statement to TechCrunch, TalkTalk spokesperson Liz Holloway confirmed the company is investigating the data breach, but said the 18.8 million figure claimed by the hacker is “wholly inaccurate and very significantly overstated.”
TechCrunch understands that TalkTalk currently has approximately 2.4 million customers.
“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party suppliers’ systems,” Holloway told TechCrunch. “Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately.”
Holloway declined to name the third-party supplier, but screenshots shared by b0nd suggest the data was stolen from CSG’s Ascendon platform, which TalkTalk uses for subscription management.
CSG did not immediately respond to TechCrunch’s questions.
TechCrunch understands that the personal details of a small subset of TalkTalk customers are stored in Ascendon. Holloway confirmed to TechCrunch that “no billing or financial information was stored on this system.”
TalkTalk was previously fined £400,000 after a 2015 data breach in which hackers stole the personal data of 157,000 customers, including some financial information. The U.K.’s Information Commissioner said at the time that TalkTalk had failed to implement “the most basic cyber security measures,” enabling hackers to “penetrate its systems with ease.”
