Internet service provider TalkTalk has admitted that it suffered a major breach of user information, including customer names, addresses, phone and account numbers.
As reported by The Register, in an email to customers TalkTalk said that it first saw a big increase in malicious scammers claiming to be from TalkTalk at the end of last year. Following an investigation it said some customer information could have been illegally accessed, with scammers quoting these details to customers.
TalkTalk offered advice on scam calls, saying it knows that some customers are currently being targeted by criminal scammers claiming to be from TalkTalk, who have obtained their account and phone number. It also confirmed that no financial data was at risk as it is encrypted on its systems.
It said: “We have reported the matter to the Information Commissioner’s Office and we’re liaising with them and other official bodies, because unfortunately it is not only our customers who are being targeted by scammers.
“We take our customers’ security incredibly seriously, so this is being dealt with at the highest level within TalkTalk and we have put every possible measure in place to try and stop this from happening again.”
Andrew Avanessian, EVP of consultancy and technology services at Avecto, said: “This is yet another reminder that a business is only as secure as the weakest link in its supply chain.
"It is a matter of access in this case. There are still too many businesses giving third parties unnecessary access to their corporate systems, and determined attackers will use these suppliers to gain an initial foothold in the target system.”