TalkTalk is facing further embarrassment over its data security measures following the arrest of three employees at its outsourced call centre in India, on suspicion of stealing personal information in an effort to scam UK customers.
It is alleged that the three staff stole data from TalkTalk’s CRM system while working for Indian outsourcing giant Wipro to contact subscribers while pretending to be TalkTalk customer support.
One TalkTalk customer told the Guardian: “They had all the details you would expect TalkTalk to have at hand, including name, address, phone number and TalkTalk account number. The guy really sounded like he was in a TalkTalk call centre.”
The scammers then attempted to direct him to a “technical support” website where, it is believed, he would have been tricked into downloading malware onto his computer. The customer, however, says that he became suspicious when the scammer was unable to answer simple questions.
“I checked his name, job title and office location. I also asked if I could call back TalkTalk myself and be transferred to another representative. I tried to cut the call there, but I was then subjected to threats about what might happen if I hung up, including the possibility that my computer would blow up and kill me.”
The issue was first raised in a Channel 4 investigation which tracked down one of the scammers to Kolkata, the city where Wipro handles its contract with TalkTalk. “Wipro’s name came up in the course of my investigation into her case, and now it seems Indian police are extending their inquiry into the firm,” the Channel 4 claimed.
Despite constant reassurances that its data has not been compromised TalkTalk customers have complained for more than a year that they have been plagued by rogue calls from people with inside information, including names, addresses and account numbers, claiming to be “technical support”.
TalkTalk, which is now threatening to scrap its Wipro contract, said in a statement: “Following the October 2015 cyber attack, we have been conducting a forensic review to ensure that all aspects of our security are as robust as possible, including that of our suppliers.
“As part of the review, we have been working with Wipro, one of our suppliers, and the local police in Kolkata. Acting on information supplied by TalkTalk, the local police have arrested three individuals who have breached our policies and the terms of our contract with Wipro.”
Last year’s hack attack was one of the most high profile breaches to ever hit a UK company. Initially it was feared that over 4 million customers could have been affected. However, following an internal investigation, it was discovered that “just” 156,959 customer accounts had been compromised.
Five British people have now been arrested over the incident.
Coppers told TalkTalk to keep schtum over breach
Firms must wake up to EU data breach rules – or else
Police seize teenager over TalkTalk ransom demand
Experian and TalkTalk put aside £50m – and counting
TalkTalk chief hits back: we’re just the punchball
TalkTalk under fire as 4m customers hit by hack