TalkTalk Confirms Data Breach via Third-Party Platform
UK telecommunications provider TalkTalk has acknowledged a data breach after a threat actor, identified as "b0nd," claimed responsibility on a cybercrime forum. The attacker alleged the theft of data belonging to over 18.8 million subscribers, including names, email addresses, IP addresses, phone numbers, and PINs. However, TalkTalk dismissed the claim as "wholly inaccurate," stating the company does not have that many customers.
The breach originated from a third-party platform, though TalkTalk has not disclosed the supplier’s name. Evidence suggests the compromised system was CSG’s Ascendon SaaS platform, which TalkTalk uses for services. CSG confirmed unauthorized access to a single provider’s data but denied a broader breach of its systems, stating that its own infrastructure remained secure.
TalkTalk’s spokesperson, Liz Holloway, confirmed that the company detected the incident during routine security monitoring and took immediate containment measures. An investigation is ongoing, with TalkTalk collaborating with the affected supplier to resolve the issue.
This is not the first major breach for TalkTalk. In 2015, the company suffered a cyberattack that exposed the personal details of 150,000 customers, with an estimated four million subscribers impacted at the time. The latest incident underscores the risks of third-party vulnerabilities in supply chain security.
Source: https://securityaffairs.com/173526/cyber-crime/talktalk-confirms-data-breach.html
TalkTalk cybersecurity rating report: https://www.rankiteo.com/company/talktalk
"id": "TAL1780937547",
"linkid": "talktalk",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '18.8 million (claimed), '
'disputed by TalkTalk',
'industry': 'Telecommunications',
'location': 'UK',
'name': 'TalkTalk',
'type': 'Telecommunications Provider'}],
'attack_vector': 'Third-Party Platform Compromise',
'data_breach': {'data_exfiltration': 'Alleged by threat actor',
'number_of_records_exposed': '18.8 million (claimed), '
'disputed by TalkTalk',
'personally_identifiable_information': 'Names, email '
'addresses, IP '
'addresses, phone '
'numbers, PINs',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Identifiable '
'Information (PII)'},
'description': 'UK telecommunications provider TalkTalk confirmed a data '
'breach after a threat actor claimed responsibility on a '
'cybercrime forum. The attacker alleged the theft of data '
'belonging to over 18.8 million subscribers, including names, '
'email addresses, IP addresses, phone numbers, and PINs. The '
'breach originated from a third-party platform, identified as '
'CSG’s Ascendon SaaS platform, which TalkTalk uses for '
'services.',
'impact': {'brand_reputation_impact': 'High (recurring incidents)',
'data_compromised': 'Names, email addresses, IP addresses, phone '
'numbers, PINs',
'identity_theft_risk': 'High',
'systems_affected': 'CSG’s Ascendon SaaS platform'},
'initial_access_broker': {'entry_point': 'Third-party platform (CSG’s '
'Ascendon SaaS)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Risks of third-party vulnerabilities in supply chain '
'security',
'post_incident_analysis': {'corrective_actions': 'Collaboration with affected '
'supplier to resolve the '
'issue',
'root_causes': 'Third-party platform compromise'},
'references': [{'source': "Cybercrime forum post by threat actor 'b0nd'"}],
'response': {'communication_strategy': 'Public statement issued',
'containment_measures': 'Immediate containment measures taken',
'enhanced_monitoring': 'Routine security monitoring detected the '
'incident',
'incident_response_plan_activated': 'Yes'},
'threat_actor': 'b0nd',
'title': 'TalkTalk Data Breach via Third-Party Platform',
'type': 'Data Breach'}