TalkTalk’s calamitous data breach has come back to bite it on the backside following claims that thousands of customers’ personal details – compromised in the 2015 hack attack – have been discovered online through a simple Google search.
The issue has been uncovered by BBC Watchdog Live, after customers told the show that they had contacted TalkTalk only to be told their data had not been compromised.
For the last two years Alan, not his real name, has had his phone, email and bank account bombarded with a series of fraudulent attacks. Alan said he felt “extremely uncomfortable” after Watchdog Live showed him that they were able to find his bank account number, sort code and other personal information online. “I think they’ve failed their customers on a gigantic scale,” he said.
In fact, TalkTalk failed to inform 4,545 customers that their personal information, including full names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers and bank details, had been stolen as part of the 2015 data breach.
In a statement, TalkTalk said: “The customer data referred to by BBC Watchdog relates to the historical October 2015 data breach. It is not a new incident.
“The 2015 incident impacted 4% of TalkTalk customers and at the time, we wrote to all those impacted. In addition, we wrote to our entire base to inform them about the breach, advise them about the risk of scam calls and offer free credit monitoring to protect against fraud.
“A recent investigation has shown that 4,545 customers may have received the wrong notification regarding this incident. This was a genuine error and we have since written to all those impacted to apologise. 99.9% of customers received the correct notification in 2015.
“On their own, none of the details accessed in the 2015 incident could lead to any direct financial loss.”
TalkTalk first became aware of “latency issues” on its website early on October 21 2015 and launched an investigation. It later emerged that personal details of nearly 157,000 customers had been accessed, including bank account numbers and sort codes of over 15,000 customers.
In the aftermath of the attack, then-CEO Dido Harding had claimed the company’s data security was “head and shoulders above rivals” but, in 2016, TalkTalk was slapped with a £400,000 fine by the Information Commissioner’s Office for security failings that allowed hackers to access sensitive customer data direct from its systems “with ease”.
The ICO’s investigation found that the attack could have been prevented if TalkTalk had taken basic steps to protect customers’ information. Ultimately, the breach cost the company £77m.