UK triple-play communications provider TalkTalk has admitted that 'some limited, non-sensitive information' on its customers has been obtained in a breach, warning its users to be on their guard against scammers.
Ahead of the Guardian
publishing a piece detailing what it claimed to be a 'major data breach
' at the company, TalkTalk sent an email to its four million customers warning that selected information had been stolen in an as-yet undetailed attack. 'We have now become aware that some of the information we have about some customers – their name, home address, phone number and TalkTalk account number – could have been illegally accessed in violation of our security procedures by malicious scammers,
' the company's warning reads. 'Please rest assured that your sensitive information of date of birth, bank, or credit card details have not been illegally accessed.
While payment details may not have been part of the data stolen, that hasn't protected TalkTalk's customers from financial loss. The Guardian reports on several customers who were contacted by people claiming to be from TalkTalk and quoting the customer's name, TalkTalk telephone number, address and account number. These fraudsters then encouraged the installation of malicious software onto the customers' machines, in the guise of troubleshooting, which was then used to steal banking details and transfer money to third-party accounts.
'We have taken urgent and serious steps,
' the company has told its customers, 'and in the meantime we would please ask that you take extra care when anyone rings or emails you claiming to be from TalkTalk, or indeed any other organisation, asking for personal details.
' The Guardian has indicated that neither TalkTalk nor the banks in question are taking responsibility for any losses, and are not looking to refund customers who have been scammed in this way.
The data is believed to have been taken in an attack on the company's network back in December
, with TalkTalk blaming an overseas third-party contractor for the security breach.