Four million customers of one of the U.K.’s leading mobile and broadband providers woke up Friday to learn that their personal data may now be in the hands of cybercriminals.
Revealing details of the breach late Thursday, the company said it took its website offline the previous day after spotting early indications of a cyberattack. A subsequent investigation pointed to a “significant and sustained attack” on the site, leading to a TalkTalk announcement admitting hackers may have stolen customer data that includes names, addresses, dates of birth, bank and credit card details, phone numbers, and email addresses.
“It is conceivable that all four million customers’ data has been stolen, clearly that’s a possibility,” TalkTalk CEO Dido Harding told BBC Radio Thursday night.
Harding said the police are now investigating the incident with the support of cybercrime specialists, adding that the company was in the process of contacting its customers by both email and letter to inform them of the hack and explain what action it’s taking in response.
The CEO urged anyone with a TalkTalk account to notify their banks, and keep an eye on transactions associated with their bank accounts and credits cards over the coming weeks and months. Customers should also change their TalkTalk password, and also on other sites where the same password was used. The advice took on added importance on Friday morning when Harding said she was unable to confirm whether the data had been encrypted.
She added that her company is working to to set up free credit monitoring for all its customers in the next few days.
With two other cyberattacks targeting the company’s servers in the last 12 months, anxious TalkTalk customers will be scratching their heads wondering how the company could’ve allowed it to happen a third time, with the latest breach possibly the most serious of them all.
A breach toward the end of last year led to a number of TalkTalk customers receiving scam calls in which the stolen information was used to trick them into thinking they were being made by real TalkTalk staff. Some were persuaded to hand over their bank details or sign up to unnecessary software and services, the BBC reported at the time.