
The alleged hacker claims to have stolen nearly 19m customers’ data, but TalkTalk has a much smaller customer base.
UK telecommunications company TalkTalk is investigating a third-party supplier data breach, after an alleged threat actor said they would offer the stolen personal information of nearly 19m customers for sale.
However, the company raised doubts about the alleged hacker’s claims, informing news outlets that while it was made aware of access to and misuse of its third-party supplier’s systems, no billing or financial information was stored on those systems.
“Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately,” TalkTalk, which serves approximately 2.5m customers, told outlets.
“Our investigations are ongoing, however we can confirm that the number of potential customers referred to in certain online posts is wholly inaccurate and very significantly overstated.”
On 23 January, the alleged hacker, named ‘b0nd’, posted their claims on a hacking forum, writing: “As the title says today we will list for sale a large data breach involving TalkTalk. This breach took place January 2025 and affects 18,839,551 current and previous customers.”
Moreover, the hacker shared screenshots with a sample of the stolen data – including the subscriber’s name, email and last-used IP address – which showed that CSG Ascendon is the third-party subscription management platform from which the data breach seems to have originated.
However, CSG Ascendon informed outlets that while the stolen data originated from its platform, the company did not suffer a breach, and the hack impacted only one customer.
“Based on various dark web forum postings, it appears the threat actor has gained access to one or multiple CSG Ascendon subscription management platform tenants, some of which provide reports showing stored PINs in plain text (best practice dictates these be encrypted),” explained Cory Michal, the chief security officer at SaaS security company, AppOmni.
“It looks like the threat actor has some 4m records of data, including PIN, name, email, IP address and subscriber phone, in various combinations.
“b0nd is a relatively new account on the forum where the sale was posted, with the first post being on January 19 offering a Rust-based RAT for $30,000. The actor is now reposting full breach dumps from previous attacks to try and gain credibility on the account,” he said.
However, he warned that one of the screenshots b0nd posted also claims to have data from ‘Netflix Bundle Activations’, which he said “is something else to watch for.”
TalkTalk was hit with a £400,000 fine in 2016 for having poor website security that led to the theft of personal data of 157,000 customers in a cyber incident the year before.