UK telecommunications firm TalkTalk is investigating a third-party provider knowledge breach after a menace actor started promoting alleged buyer knowledge on a hacking discussion board.
“As a part of our common safety monitoring, given our ongoing concentrate on defending prospects’ private knowledge, we had been made conscious of sudden entry to, and misuse of, considered one of our third-party provider’s techniques, nevertheless, no billing or monetary info was saved on this technique,” TalkTalk instructed BleepingComputer.
“Our Safety Incident Response crew are persevering with to work with the provider relating to this matter and protecting containment steps had been taken instantly.”
“Our investigations are ongoing, nevertheless we are able to affirm that the variety of potential prospects referred to in sure on-line posts is wholly inaccurate and really considerably overstated.”
This assertion comes after somebody named “b0nd” started promoting what they declare is TalkTalk buyer knowledge on a hacking discussion board that was allegedly stolen in a January 2025 knowledge breach.
“Because the title says at this time we’ll record on the market a big knowledge breach involving TalkTalk. This breach happened January 2025 and impacts 18,839,551 present and former prospects.” reads the submit to a hacking discussion board.
Supply: BleepingComputer
The menace actor additionally shared a pattern of the info, which incorporates the subscriber’s title, e-mail, last-used IP deal with, enterprise telephone quantity, and residential telephone quantity.
Whereas the discussion board submit says the stolen knowledge accommodates details about virtually 18.9 million present and former TalkTalk prospects, the corporate doesn’t have almost that variety of subscribers, placing the authenticity of the breach doubtful.
Moreover, the screenshots shared by the menace actor point out that the info was probably stolen from the Ascendon SaaS platform fairly than straight from TalkTalk.
CSG Ascendon is a subscription administration platform that TalkTalk has traditionally used as a part of its operations.
In 2015, TalkTalk suffered an information breach the place hackers accessed the non-public particulars of over 150,000 prospects. The incident led to a £400,000 advantageous by the UK Data Commissioner’s Workplace.
BleepingComputer contacted the CSG to verify in the event that they suffered a breach however has not obtained a reply.
