Pierluigi Paganini January 27, 2025

UK telecommunications firm TalkTalk disclosed a data breach after a threat actor announced the hack on a cybercrime forum.

UK telecommunications company TalkTalk confirmed a data breach after a threat actor claimed responsibility for the cyber attack on a cybercrime forum and offered for sale alleged customer data. 

A threat actor named “b0nd” claimed the theft of data of over 18.8 million TalkTalk subscribers’ data, including names, email addresses, IP addresses, phone numbers, and PINs.

The claim of 18.8 million affected TalkTalk customers is doubtful, as the company does not have that many subscribers.

The data breach involved a third-party platform, however the company attempted to downplay the scope of the incident.

TalkTalk announced that the an investigation is ongoing, but the company spokesperson Liz Holloway told TechCrunch that the claim of 18.8 million affected users is “wholly inaccurate and significantly overstated.”

“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party suppliers’ systems,” Holloway told TechCrunch. “Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately.”

The telecommunications company is working with the third-party supplier to resolve the issue.

TalkTalk did not name the third-party supplier that was breached by the threat actors, however the image published by b0nd suggests that the data was stolen from the Ascendon SaaS platform used by the telecommunications provider.

CSG admitted that the data published by the threat actors were stolen from their platform, but did not disclose a security breach of their systems. The company also added that only one customer was impacted.

“On Jan. 21, 2025, CSG learned that an external party gained unauthorized access to a single provider’s data residing on a CSG platform,” CSG told BleepingComputer. “We have no evidence that CSG’s technologies and systems were compromised or that CSG was the cause of the unexpected access to the data. CSG provided immediate containment and is actively supporting our customer.”

In 2015, TalkTalk Telecom Group announced that four million subscribers have been impacted by a “sustained cyberattack” that hit its servers.

At the time, threat actors accessed the personal details of over 150,000 customers.  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)