The British Internet Service Provider TalkTalk discloses possible breach and admits some data are not encrypted. The investigation is still ongoing.

Another illustrious victim of a data breach is in the headlines, TalkTalk Telecom Group plc has announced that four million subscribers may have been impacted by a “sustained cyberattack” that hit its servers.

TalkTalk Telecom Group plc is a British ISP which offers pay television, telecommunications, internet access, and mobile network services to businesses and consumers in the United Kingdom.

According to the company personal and financial information, including bank details, have been exfiltrated by the threat actors. This mean that four million subscriber’s records containing names, home addresses, dates of birth, phone numbers, email addresses, bank account info and credit card numbers have been compromised by the hackers. The bad news is that TalkTalk also admitted that not all of the data potentially compromised was encrypted.

The TalkTalk company took down its website two days, officially reporting a broadband outage.

“The TalkTalk website is unavailable right now. Sorry we are currently facing technical issues, our engineers are working hard to fix it. We apologise for any inconvenience this may cause.” stated the TalkTalk website.

A few hours ago TalkTalk issued an official statement informing the customers the Met Police Cyber Crime Unit has launched a criminal investigation “following a significant and sustained cyberattack on our website.”

“Today (Thursday 22nd October), a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website yesterday. That investigation is ongoing, but unfortunately there is a chance that some of the following data has been compromised: names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details. ” report the statement.

The TalkTalk CEO, Dido Harding, declared that its company gives a great importance to customers’ security, the company “constantly updates its systems” to protect against the “rapidly evolving threat of cyber crime.”

In response to the attack, the company is contacting its customers to provide the necessary support to avoid any abuse, the company will probably offer one-year of credit monitoring to all customers.

“As soon as we realized the website was under attack, we pulled the site down in an effort to protect data…As a further precautionary measure, we contacted our customers straight away to warn them of the potential risk and provide advice on what to do.” said Harding.  

This is not the first time that crooks target the TalkTalk company, earlier this year scammers conducted a series of social engineering attacks on its customers in an attempt to convince them to provide their bank account details.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – TalkTalk, data breach)