TalkTalk, the UK’s fourth biggest ISP, has suffered another breach of security in the wake of a co-ordinated attack by hackers. Here’s everything we know so far and what you should do.
Have my personal details been affected?
TalkTalk has now confirmed that the number of customers whose personal details have been accessed is 156,959.
Additionally, 15,656 bank account numbers and sort codes were accessed along with ‘less than’ 15,000 dates of birth and 8,000 credit and debit card numbers.
The ISP has contacted all of these customers and is continuing to advise them on how to stay safe and avoid phishing attacks – where scammers phone up impersonating TalkTalk personell in an attempt to ‘fish’ sensitive information. TalkTalk says that it never contacts customers over the phone or via email to confirm such details. If you get someone calling you up claiming to represent ‘TalkTalk’ it’s highly likely that they’re trying to scam you.
TalkTalk MyAccount passwords have not been hacked, so customers who use this to check their bills can relax.
As TalkTalk doesn’t store unencrypted credit or debit card details, any leaked card information will be of little use to hackers.
All the same, TalkTalk is advising customers to closely monitor their bank accounts online and report any suspicious activity to Action Fraud on 0300 123 2040 or visit the Action Fraud site.
Will TalkTalk staff get in touch over the phone?
Related: No more MAC codes as Ofcom streamlines switching broadband and home phone and How to create a strong passwordNo. TalkTalk has made it abundantly clear that they will never contact customers over the phone and they will never ask for personal details or passwords?
Regard all calls of this nature as suspicious. If possible, make a note of the number and let the police know via Action Fraud, but do not confirm anything with them, even your name and hang up as soon as you can.
What else is TalkTalk doing?
The embattled ISP is offering customers 12 months’ free credit reference check with Noddle.
This will let you sign up for credit monitoring alerts, letting you see if the hack has affected your ability to apply for loans and credit cards.
Sources close to the matter have told Recombu that a statement is currently being prepared by TalkTalk which could shed light on this.
Should I change my bank details?
TalkTalk says that it doesn’t store unencrypted credit or debit card data, so any card details which have been accessed will have had the middle six digits blanked out, meaning it might appear as 012345XXXXXX6789.
As of Monday, October 21, TalkTalk says: “We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account.”
That said, there’s nothing stopping you from changing your account details and updating things like passwords for online banking, if you make use of that.
Any data stolen last week will have undoubtedly been sold on, so changing your bank details could frustrate any future attempts to access your accounts. You should regularly change your passwords anyway (and never use the same password for different things) so if you’ve not done this recently, now is as good a time as any.
Can I leave my TalkTalk contract without penalty?
As TalkTalk has yet to confirm how many customers have been affected it’s impossible to say. It would depend on a case-by-case basis. If none of your data has been leaked, then you wouldn’t have grounds to leave your contract early.
If you believe that you’ve suffered as a result of the latest TalkTalk data hack, then you may have grounds to claim compensation.
You can complain directly to TalkTalk and ask for compensation if you think you have grounds. If this doesn’t work, you can take your case to Ombudsman Services.
TalkTalk has yet to release a statement or clarify the situation. We will update once we know more.