TalkTalk cyber attack: Scale of hack outlined in detail

Extent of the data accessed smaller than first suspected


6th November 2015 – Latest Update

Since the cyber attack on Wednesday 21st October 2015, TalkTalk has been working to establish exactly what happened and, importantly, understand the extent of any individual customer data stolen during this attack.

Investigations by both TalkTalk and the Metropolitan Police continue, and further to our update on Friday 30th October the company is now able to confirm which customers were affected:

Extent of the personal data accessed:

- The total number of customers whose personal details were accessed is 156,959;
- Of these customers, 15,656 bank account numbers and sort codes were accessed;
- The 28,000 obscured credit and debit card numbers that were accessed cannot be used for financial transactions, and were 'orphaned', meaning that customers cannot be identified by the stolen data.

TalkTalk's ongoing forensic analysis of the site confirms that the scale of the attack was much more limited than initially suspected. Only 4% of TalkTalk customers have any sensitive personal data at risk. However, it is still advisable for customers to be vigilant, and to take all precautions possible to protect themselves from scam phone calls and emails.

TalkTalk have now contacted all customers who have had financial details accessed, reiterating the advice on what to do to keep themselves safe. The financial information accessed cannot on its own lead to financial loss. TalkTalk will be contacting all other affected customers in the coming days.

Please be aware that TalkTalk will not call or otherwise contact them regarding this incident and ask for bank details or other financial or personal information.

In addition, TalkTalk has shared the affected bank details with the major UK banks so they can take their usual actions to protect customers' accounts in the highly unlikely event that a criminal attempts to defraud them.

Customers are also encouraged to take up TalkTalk's offer of 12 months credit monitoring alerts with Noddle, one of the leading credit reference agencies, free of charge, by following these instructions and using the code TT231 at checkout.

Even though the scale of the attack is significantly smaller than initially suspected, TalkTalk continues to advise all its customers to be vigilant, and to take all precautions possible to protect themselves from scam phone calls and emails.

The Metropolitan Police investigation is ongoing. Detective Superintendent Jayne Snelgrove of the Met's cyber crime unit said: "TalkTalk have done everything right in bringing this matter to our attention as soon as possible. Our success relies on businesses being open with us and each other about the threats they encounter."