Hackers List TalkTalk Customer Data for Sale Following Third-Party Breach

Hackers List TalkTalk Customer Data for Sale Following Third-Party Breach

TalkTalk Investigates Third-Party Data Breach Claims

UK telecommunications giant TalkTalk is currently investigating a potential data breach involving one of its third-party suppliers after customer data appeared for sale on a hacking forum. The incident has raised concerns about customer privacy and data security.

A threat actor, identifying as “b0nd,” claims to possess data from 18.9 million TalkTalk customers, allegedly stolen in January 2025. The advertised data reportedly includes customer names, email addresses, IP addresses, and phone numbers. However, TalkTalk has stated that the claimed number of affected customers is “wholly inaccurate and very significantly overstated.”

Evidence suggests the breach may be linked to CSG’s Ascendon platform, a subscription management service used by TalkTalk. CSG has confirmed unauthorized access to their platform affecting a single provider but maintains their systems were not compromised.

TalkTalk has assured customers that no financial or billing information was compromised in this incident. The company’s Security Incident Response team has implemented immediate protective measures and continues to investigate alongside the affected supplier.

This isn’t TalkTalk’s first security incident; in 2015, the company faced a significant breach affecting 150,000 customers, resulting in a £400,000 fine from the UK Information Commissioner’s Office.

CSG’s Statement: “On Jan. 21, 2025, CSG learned that an external party gained unauthorized access to a single provider’s data residing on a CSG platform. We have no evidence that CSG’s technologies and systems were compromised or that CSG was the cause of the unexpected access to the data.”

Share This Article