TalkTalk downplays extent of breach damage, gives extra details

Credit cards 'cannot be used for financial transactions'

Dido Harding, Chief Executive of TalkTalk

TalkTalk has finally provided some information on the amount and type of information breached in last week's cyber attack, downplaying the size of the incident.

"[Our] responsibility last week was to inform all customers as quickly as possible" began the company's statement, despite the thorough lack of expedition in the company's initial response to the breach, as covered by The Register.

TalkTalk has attempted to downplay the actual size of the breach, stating that "the extent of the data accessed is significantly less than originally suspected".

Round figures released today by TalkTalk explained what the breach was comprised of:

  • Less than 21,000 unique bank account numbers and sort codes
  • Less than 28,000 obscured credit and debit card details (as previously stated, the middle 6 digits had been removed)
  • Less than 15,000 customer dates of birth
  • Less than 1.2 million customer email addresses, names and phone numbers

TalkTalk maintains that "the credit and debit card details cannot be used for financial transactions" and states that it has "shared the affected bank details with the major UK banks so they can take their usual actions to protect customers' accounts in the highly unlikely event that a criminal attempts to defraud them".

To date, two teenage suspects, a 15-year-old and a 16-year-old, have been arrested in connection with the incident.®

The Register has created a timeline of TalkTalk's contradictory comments following on from the initial announcement of a website outage.




Biting the hand that feeds IT © 1998–2018