UK telecommunications firm TalkTalk is investigating a third-party provider information breach after a risk actor started promoting alleged buyer information on a hacking discussion board.
“As a part of our common safety monitoring, given our ongoing deal with defending prospects’ private information, we have been made conscious of sudden entry to, and misuse of, one in every of our third-party provider’s methods, nevertheless, no billing or monetary info was saved on this technique,” TalkTalk instructed BleepingComputer.
“Our Security Incident Response group are persevering with to work with the provider relating to this matter and protecting containment steps have been taken instantly.”
“Our investigations are ongoing, nevertheless we are able to verify that the variety of potential prospects referred to in sure on-line posts is wholly inaccurate and really considerably overstated.”
This assertion comes after somebody named “b0nd” started promoting what they declare is TalkTalk buyer information on a hacking discussion board that was allegedly stolen in a January 2025 information breach.
“As the title says right this moment we are going to listing on the market a big information breach involving TalkTalk. This breach occurred January 2025 and impacts 18,839,551 present and former prospects.” reads the publish to a hacking discussion board.
Source: BleepingComputer
The risk actor additionally shared a pattern of the information, which incorporates the subscriber’s identify, electronic mail, last-used IP tackle, enterprise telephone quantity, and residential telephone quantity.
While the discussion board publish says the stolen information accommodates details about nearly 18.9 million present and former TalkTalk prospects, the corporate doesn’t have almost that variety of subscribers, placing the authenticity of the breach doubtful.
Furthermore, the screenshots shared by the risk actor point out that the information was presumably stolen from the Ascendon SaaS platform relatively than straight from TalkTalk.
CSG Ascendon is a subscription administration platform that TalkTalk has traditionally used as a part of its operations.
In 2015, TalkTalk suffered an information breach the place hackers accessed the private particulars of over 150,000 prospects. The incident led to a £400,000 wonderful by the UK Information Commissioner’s Office.
BleepingComputer contacted the CSG to verify in the event that they suffered a breach however has not obtained a reply.