TalkTalk data hack customer details found online

talk talk breach

In 2015, a TalkTalk data breach saw the personal information of 157,000 customers stolen. And, in a new twist, BBC Watchdog Live revealed that the company failed to inform 4,545 TalkTalk customers that their data was taken as part of the breach. This includes bank account details.

Making matters worse, BBC researchers found details for many customers online after a simple Google search. This information included full names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers and bank details. This information could have been accessible online since the breach.

According to the BBC, viewers contacted Watchdog Live as they were concerned that their details had been breached by TalkTalk. However, the telecom group said that their details were not compromised.

The ICO has already fined TalkTalk

In 2015, TalkTalk spotted issues with its website and immediately launched an investigation before warning customers. However, the Information Commissioner’s Office (ICO) found that that insufficient security at the company permitted customer data to be accessed “with ease”. The ICO also said that TalkTalk could have prevented the data breach if it had taken basic steps to protect its customers’ information.

According to the ICO: “For no good reason, TalkTalk appears to have overlooked the need to ensure it had robust measures in place despite having the financial and staffing resources available”.

In response, the ICO fined TalkTalk £400,000. Two friends from Staffordshire (aged just 21 and 23), breached the TalkTalk website as part of a group of hackers. They have since gone to jail.

Is this a new TalkTalk data breach?

The customer data found by BBC Watchdog Live appears to relate to 2015 data breach. So it is not a new incident.

TalkTalk claims that the historical privacy violation was a genuine error. It also said that it had written to all impacted customers to apologise. And that it wrote to its entire base to inform them about the breach, and advised them about the risk of scam calls. TalkTalk also offered free credit monitoring to protect against fraud.

But, it now looks like 4,545 customers may have received the wrong notification regarding this incident.

Are these customers at risk?

TalkTalk claims that “on their own, none of the details accessed in the 2015 incident could lead to any direct financial loss.”

But our data protection experts would strongly disagree. Savvy cybercriminals can easily piece together a profile by collecting different information from different sources.

Security experts have also confirmed that, with this information, criminals could:

  • Sign up for services
  • Set up direct debits
  • Purchase goods on their victim’s behalf.

Fraudsters could also use this data to carry out a phishing attempt. For example, by pretending to be the victim’s bank to gain more information about them.

The data breached by Talk Talk was extremely sensitive. And the lack of care shown by the company continues to be worrying.

Data breaches can be extremely traumatic

A data breach can cause severe stress and anxiety for victims.

Alan’s TalkTak case

For example, BBC Watchdog Live highlights the case of one man called Alan.* Alan has had his phone, email and bank account bombarded with a series of fraudulent attacks since the Talk Talk hack. Even if these attacks are unsuccessful, this is an extremely distressing situation to be in. So it’s no wonder that Alan feels that TalkTalk has failed its customers “on a gigantic scale”.

According to the BBC, “Whilst Alan will never know if the attacks were a direct result of the TalkTalk data breach, he feels the details leaked are enough to allow fraudsters to impersonate him.”

Maureen’s TalkTalk case

Watchdog also spoke to Maureen.* Maureen was shocked to discover that her details were breached in 2015. Not least because TalkTalk told her that her details had not been stolen. In fact, despite raising concerns with TalkTalk on multiple occasions, she was repeatedly reassured that her information had not been compromised.

Watchdog Live’s investigation found Maureen’s sensitive data through a simple online search.

What happens now?

If the data has come from TalkTalk, then it is vital that the company looks to put right the harm this continued failure has caused its customers. Simply contending that the breach is old news is not good enough.

Watchdog has spoken to many people affected by the TalkTalk data breach. Many of who have been subject to “frequent scam calls”. And in some cases “attempted fraud and identity theft, impacting their credit rating”.

Hayes Connor Solicitors can help

Our expert, online fraud and data protection solicitors will advise you on whether you have a valid data breach compensation claim against TalkTalk. We will also answer any questions you might have.

Our initial assessment is always free. Keeping you fully informed we will also notify you about your legal rights when making a claim.


*Not their real names