Broadband provider’s investigation has found number of accounts accessed in hack was much lower than first thought
TalkTalk’s investigation into its third hack this year has found less than 157,000 accounts were accessed – much lower than the four million first believed to have been put at risk during the cyber attack on October 21.
An investigation into the attack launched by the broadband provider and the Metropolitan Police found that 15,656 bank account numbers and sort codes had been accessed.
28,000 obscured credit and debit card numbers that were accessed cannot be used for financial transactions, TalkTalk added in its latest update.
In its statement, TalkTalk said: “Our ongoing forensic analysis of the site confirms that the scale of the attack was much more limited than initially suspected, and we can confirm that only four per cent of TalkTalk customers have any sensitive personal data at risk. However, we continue to advise customers to be vigilant, and to take all precautions possible to protect themselves from scam phone calls and emails.
“It was a difficult decision to notify all our customers of the risk before we could establish the real extent of any data loss. We believe we had a responsibility to warn customers ahead of having the clarity we are finally able to give today.”
The hack on TalkTalk’s website was the third time it had been the victim of a cyber attack this year, and was followed by similar attacks on Vodafone and Marks and Spencer.
Four people have been arrested in connection with the attack, including boys aged 15, two aged 16 and a 20 year old male. All have been released on bail.
MPs have launched an investigation into the attack, and invited the public to respond to the wider implications for telecoms and internet service providers.