TalkTalk cyber attack: Scale of hack smaller than originally suspected

Extent of the data accessed outlined


30th October 2015

Since the cyber attack on Wednesday 21st October 2015, TalkTalk has been working to establish what happened and, importantly, understand the extent of any individual customer data stolen during this attack.

In light of the potential scale of attack, the company concentrated on informing all customers as quickly as possible. The investigation continues, but it has now been established that the extent of the data accessed is significantly less than originally suspected.

Extent of the personal data accessed:

- Fewer than 21,000 unique bank account numbers and sort codes
- Fewer than 28,000 obscured credit and debit card details (as previously stated, the middle 6 digits had been removed)
- Fewer than 15,000 customer dates of birth
- Fewer than 1.2 million customer email addresses, names and phone numbers

TalkTalk CEO Dido Harding said: "Today we can confirm that the scale of attack was much smaller than we originally suspected, but this does not take away from how seriously we take what has happened and our investigation is still on going.

"On behalf of everyone at TalkTalk, I would like to apologise to all our customers. We know that we need to work hard to earn back your trust and everyone here is committed to doing that."

Starting today, TalkTalk is writing to all customers who have been affected by this to let them know what information has been accessed.

As previously confirmed, the credit and debit card details accessed cannot be used for financial transactions.

In addition, TalkTalk has shared the affected bank details with the major UK banks so they can take their usual actions to protect customers' accounts in the highly unlikely event that a criminal attempts to defraud them.

Customers are also encouraged to take up TalkTalk's offer of 12 months credit monitoring alerts with Noddle, one of the leading credit reference agencies, free of charge, by following these instructions and using the code TT231 at checkout.

Even though the scale of the attack is significantly smaller than initially suspected, TalkTalk continues to advise all its customers to be vigilant, and to take all precautions possible to protect themselves from scam phone calls and emails.

The Metropolitan Police investigation is ongoing. Detective Superintendent Jayne Snelgrove of the Met's cyber crime unit said: "TalkTalk have done everything right in bringing this matter to our attention as soon as possible. Our success relies on businesses being open with us and each other about the threats they encounter."