Personal data of TalkTalk breach victims discovered online

By PrivSec Report2019-05-22T12:57:00+01:00

No comments

In 2015, news broke of a hack on TalkTalk, which compromised the personal data of 155,959 of the telecommunications firm’s customers, including 15,656 who had their bank details hacked.

Reports now reveal that TalkTalk did not notify 4,545 of these customers that their personal data had been stolen, after viewers of the BBC consumer programme, Watchdog Live, contacted the show to complain that their details had been breached.

TalkTalk has underlined that the new complaints relate to the breach from four years ago, and not to any new data breach incident. Subsequent to the complaints, a BBC investigation found that the personal data of 4,500 of the phone company’s customers were available online following a simple search through Google.

Among the items of data exposed were full names, residential addresses, email addresses, birth dates, TalkTalk customer codes, mobile phone numbers and financial details – all data that has probably been online since the original breach.

At the time, the Information Commissioner’s Office (ICO) looked into the situation to conclude that TalkTalk had fallen short in a number of security process standards, with the transgressions eventually earning the company a fine of £400,000.

Responding to the BBC investigation, TalkTalk said that the discovery related to an honest mistake, and that all customers involved had now been contacted and apologised to.

In a statement, TalkTalk said:

“The 2015 incident impacted 4% of TalkTalk customers and at the time, we wrote to all those impacted.

“In addition, we wrote to our entire base to inform them about the breach, advise them about the risk of scam calls and offer free credit monitoring to protect against fraud.

“A recent investigation has shown that 4,545 customers may have received the wrong notification regarding this incident. This was a genuine error and we have since written to all those impacted to apologise. 99.9% of customers received the correct notification in 2015.

“On their own, none of the details accessed in the 2015 incident could lead to any direct financial loss.”

One of the customers caught up in the breach said his phone, email and bank account had come under heavy attack by fraudsters over the last three years, stating:

“I think they’ve failed their customers on a gigantic scale.”

Another victim spoke of her shock of learning that her details had been breached in 2015. She told BBC Watchdog:

“I’ve been asking this question since 2015. I’m suffering now for something that I know nothing, absolutely nothing, about.

“I knew something was not right and I kept insisting and they avoided every single time I asked the question ‘have my details been compromised?’”

Cyber security expert, Scott Helme told BBC Watchdog:

“We’re never going to completely erase this data, but what we can do is try to reduce the impact of having lost the data.

Topics

No comments

Article
US utilities struggling to meet demand of energy-thirsty AI

2024-04-19T11:53:00Z

In the US, demands for power are outstripping availability as energy-thirsty technologies such as generative AI pile pressure on national electrical systems.
Article
Banks poised for increased risk due to AI

2024-04-19T09:06:00Z

A leading banking regulator has issued a stern warning over the risks that financial institutions face as they move to integrate artificial intelligence (AI) and machine learning (ML) into governance operations.
News
Chicago Gears Up for GRC Connect: Sharpen Skills, Network, and Navigate the Future of GRC

2024-04-15T11:39:00Z By Jonathan Sumner, Chief Digital & Marketing Officer, GRC World Forums.

Get ready, Chicago! GRC Connect kicks off tomorrow, bringing together the brightest minds in governance, risk management, and compliance (GRC) for two days of insightful learning, valuable networking opportunities, and expert guidance on navigating the ever-evolving GRC landscape.