TalkTalk investigates breach after data for sale on hacking forum

UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum.

“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party supplier’s systems, however, no billing or financial information was stored on this system,” TalkTalk told BleepingComputer.

“Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately.”

“Our investigations are ongoing, however we can confirm that the number of potential customers referred to in certain online posts is wholly inaccurate and very significantly overstated.”

This statement comes after someone named “b0nd” began selling what they claim is TalkTalk customer data on a hacking forum, data that was allegedly stolen in a January 2025 data breach.

“As the title says today we will list for sale a large data breach involving TalkTalk. This breach took place January 2025 and affects 18,839,551 current and previous customers.” reads the post on a hacking forum.

Alleged Cisco data leaked on a hacking forum
Source: BleepingComputer

The threat actor also shared a sample of the data, which includes the subscriber’s name, email, last-used IP address, business phone number, and home phone number.

While the forum post says the stolen data contains information about almost 18.9 million current and former TalkTalk customers, the company does not have nearly that number of subscribers, putting the authenticity of the breach in doubt.

Furthermore, the screenshots shared by the threat actor indicate that the data was likely stolen from the Ascendon SaaS platform rather than directly from TalkTalk.

CSG Ascendon is a subscription management platform that TalkTalk has historically used as part of its operations.

In 2015, TalkTalk suffered a data breach where hackers accessed the personal details of over 150,000 customers. The incident led to a £400,000 fine by the UK Information Commissioner’s Office.

BleepingComputer contacted CSG to confirm if they suffered a breach but has not received a reply.
