A criminal investigation has been launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyber attack on our website.
That investigation is ongoing, but unfortunately there is a chance that some of the following data has been compromised: names, addresses, dates of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details.
What is a cyber attack?
As stated by the National Crime Agency, a cyber attack often involves "the injection of specialist software by hackers who seek to gain unauthorised access to computer networks and systems and take administrative control of these."
We have taken all necessary measures to secure our website following the attack, but it's too early to say who the attackers were. A formal investigation by the Metropolitan Police is under way to establish exactly what happened.
What we are doing
- We are contacting all our customers straight away to let them know what has happened and we will keep you up to date as we learn more.
- We have taken all necessary measures to secure our website following the attack.
- Together with cyber crime experts, the security services and the police, we're continuing to complete a thorough investigation.
- We've contacted the major banks, and they will be monitoring for any suspicious activity on our customers' accounts.
- We have contacted the Information Commissioner's Office.
- We are offering a year's free credit monitoring for all of our customers and will be contacting customers with the details. Noddle (www.noddle.co.uk) also allows free access to your credit report for life.
- Keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK's national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via www.actionfraud.police.uk
- If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.
- Check your credit report with the three main credit agencies: Call Credit, Experian and Equifax.
TalkTalk will NEVER
- TalkTalk will NEVER call customers and use an account number to identify you or prove that the call is genuine.
- TalkTalk will NEVER call customers and ask them to provide bank details unless we have already had specific permission from you to do so.
- TalkTalk will NEVER ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems.
- TalkTalk will NEVER ask you to go to your bank and withdraw cash and send it to us by Moneygram or Western Union. Scammers do this so that the scam cannot be traced back to them.
- TalkTalk will NEVER call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk, discussed and agreed a call back for this to take place.
- TalkTalk will NEVER send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security.
- TalkTalk will NEVER call and tell you about a technical problem unless you have reported one to us. If you get an unexpected call about a technical issue and you are unsure, you should call us using the numbers on the TalkTalk website to verify that this is genuine.
- TalkTalk will NEVER ask you to switch off your mobile or remain on your landline for several hours. Scammers do this so that your bank cannot call you to verify if a transaction is valid.
We understand this will be concerning and frustrating, and we want to reassure you that we are continuing to take every action possible to keep your information safe.
Dido Harding, CEO, said: "We're working really hard to protect our customers. TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations.
"We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around Wednesday's attack."
If you have any more questions, please click here for the latest information, or you can call us on 0800 0832710 or 0141 2300707.