Technology, Top News

TalkTalk failed to inform 4,500 customers about 2015 mega-breach

TalkTalk failed to inform 4,500 customers about 2015 mega-breach

TalkTalk is still failing at basic security

AN INVESTIGATION has revealed that TalkTalk failed to inform more than 4,500 customers affected by its 2015 mega-breach that their personal information had been compromised. 

A probe carried out by the BBC‘s Watchdog show found that the compromised information of 4,545 TalkTalk customers, including bank account details, was available online and easily uncovered by a Google search.

The consumer-complaints show carried out the investigation after being contacted by customers concerned that their data had been involved in the data breach, even though TalkTalk told them that they hadn’t been affected.

The BBC notes that the readily-available breached information, which also included TalkTalk customers’ full names, addresses, email addresses, dates of birth, customer numbers, mobile numbers, have likely been online since the breach.  

When presented with the findings of the BBC investigation, TalkTalk said it was a genuine error and that it has since written to all impacted customers to apologise.

While TalkTalk has yet to respond to INQ‘s request for comment, the firm told the BBC: “The 2015 incident impacted 4 per cent of TalkTalk customers and at the time, we wrote to all those impacted.

“In addition, we wrote to our entire base to inform them about the breach, advise them about the risk of scam calls and offer free credit monitoring to protect against fraud.

“A recent investigation has shown that 4,545 customers may have received the wrong notification regarding this incident. This was a genuine error and we have since written to all those impacted to apologise. 99.9 per cent of customers received the correct notification in 2015.

“On their own, none of the details accessed in the 2015 incident could lead to any direct financial loss.”

The TalkTalk breach first made headlines back in October 2015, when it was revealed that hackers made off with the personal data of 156,959 customers including names, addresses, dates of birth, phone numbers and email addresses. The attacker also had access to bank account details and sort codes in 15,656 cases.

In October the following year, the telecoms firm was whacked with a record £400,000 fine courtesy of the Information Commissioner’s Office (ICO), which slammed TalkTalk  for “failing to properly scan” its infrastructure for potential threats and for being unaware that the installed version of the database software was outdated and no longer supported by the provider. µ

Further reading

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend