TalkTalk investigates breach after data for sale on hacking forum
TalkTalk Data Breach Investigation
As of January 25, 2025, UK telecommunications company TalkTalk is investigating a potential data breach involving one of its third-party suppliers. Here are the key details from the latest reports:
Allegations and Investigation
A threat actor using the handle "b0nd" has posted on a hacking forum, claiming to have stolen data from TalkTalk. The post alleges that the breach occurred in January 2025 and affects 18,839,551 current and previous customers15.
TalkTalk has confirmed that it is investigating these claims. The company stated that the alleged breach involves a third-party supplier's system, but emphasized that no billing or financial information was stored on this system. TalkTalk's Security Incident Response team is working with the supplier to address the issue and has taken immediate protective containment steps15.
Data Involved
The data allegedly stolen includes subscribers' names, email addresses, last-used IP addresses, business phone numbers, and home phone numbers. However, TalkTalk has disputed the scale of the breach, stating that the number of potential customers affected is "wholly inaccurate and very significantly overstated"15.
Platform in Question
The data was possibly stolen from the Ascendon SaaS platform, which is a subscription management platform used by TalkTalk. This suggests that the breach may not have been a direct attack on TalkTalk's systems but rather on one of its external service providers15.
Historical Context
This is not the first significant data breach for TalkTalk. In 2015, the company suffered a major breach that exposed the personal details of over 150,000 customers, resulting in a £400,000 fine from the UK Information Commissioner's Office. However, the current investigation is not related to this previous incident15.
Authenticity and Scale
The authenticity of the breach and the scale of the affected customers are in doubt. TalkTalk does not have nearly 18.9 million subscribers, which casts doubt on the claims made by the threat actor. The actual number of customers handled by the affected platform is significantly lower, estimated to be a subset of TalkTalk's total customer base of around 2.4 million15.
