Nmedia - Fotolia

TalkTalk data breach hit 155,000 customers

Broadband provider TalkTalk confirms fewer customers than originally feared – some 155,000 – were affected by the data breach in October 2015

TalkTalk has confirmed that more than 155,000 customers had their personal information accessed by hackers as a result of the data breach in October 2015, which is far fewer than first thought.

When details of the TalkTalk website breach started to emerged after the 21 October hack, it was feared that hackers had stolen the personal data of a far higher proportion of the firm’s four million customers.

However, figures released by the broadband provider revealed that the breach affected 156,959 customers. And of those, only 15,656 had their bank account numbers and source codes plundered.

“Our ongoing forensic analysis of the site confirms the scale of the attack was much more limited than initially suspected, and we can confirm that only 4% of TalkTalk customers have any sensitive personal data at risk,” TalkTalk said in a statement on its website.

“However, we continue to advise customers to be vigilant, and to take all precautions possible to protect themselves from scam phone calls and emails.”

The company explained why, given the true scale of the breach, it decided to write to all of its customers, warning them of the risks.

“It was a difficult decision to notify all our customers of the risk before we could establish the real extent of any data loss. We believe we had a responsibility to warn customers ahead of having the clarity we are finally able to give today,” the statement continued.

“The financial information accessed cannot on its own lead to financial loss. We will be contacting all other affected customers in the coming days.”

Confirmation of the scale of the breach comes days after a fourth person – a 16-year-old boy from Norwich – was arrested and bailed in connection with the attack.

Parliamentary inquiry

This followed the arrests of a 16-year-old boy from London, a 15-year-old from Country Antrim in Northern Ireland and a 20-year-old from Staffordshire.

TalkTalk has come under fire from customers for its handling of the breach. Customers flooded social media with complaints about the difficulties they faced when trying to cut ties with the firm on the back of the attack.

The TalkTalk data breach is also set to be picked over by Parliament’s Culture, Media and Sport Committee. On 3 November 2015, the committee announced it would launch an official inquiry into the data breach.

The committee will look into TalkTalk’s incidence response procedures, cyber security strategy and compensatory processes.

“The recent events have highlighted serious issues relating both to existing cyber security and the response to cyber crime,” said the committee’s chair, Jesse Norman MP.

“This committee is concerned with the attacks on TalkTalk specifically as a telecoms and internet provider… and we will also be looking more widely at the security of personal information online.”

Read more about the TalkTalk data breach

Read more on Data breach incident management and recovery