From TalkTalk, yesterday:
Since the cyber attack on our website on Wednesday 21st October 2015, we have been working to establish what happened and, importantly, understand the extent of any individual customer data stolen during this attack. In light of the potential scale of attack, our responsibility last week was to inform all customers as quickly as possible. Our investigation continues, but we now know the extent of the data accessed is significantly less than originally suspected and can confirm that the following personal data was accessed:
- Less than 21,000 unique bank account numbers and sort codes
- Less than 28,000 obscured credit and debit card details (as previously stated, the middle 6 digits had been removed)
- Less than 15,000 customer dates of birth
- Less than 1.2 million customer email addresses, names and phone numbers
Starting today, we are writing to all customers who have been affected by this to let them know what information has been accessed.
As we have previously confirmed, the credit and debit card details cannot be used for financial transactions. In addition, we have shared the affected bank details with the major UK banks so they can take their usual actions to protect customers’ accounts in the highly unlikely event that a criminal attempts to defraud them. We also encourage you to take up the free 12 months of credit monitoring alerts with Noddle, one of the leading credit reference agencies, by following these instructions and using the code TT231 at checkout.
Even though the scale of the attack is significantly smaller than initially suspected, we continue to advise you to be vigilant, and to take all precautions possible to protect themselves from scam phone calls and emails.
The Metropolitan Police Cyber Crime Unit’s criminal investigation is ongoing, and we continue to assist them.
Dido Harding, CEO, TalkTalk: “Today we can confirm that the scale of attack was much smaller than we originally suspected, but this does not take away from how seriously we take what has happened and our investigation is still on going. On behalf of everyone at TalkTalk, I would like to apologise to all our customers. We know that we need to work hard to earn back your trust and everyone here is committed to doing that.”
Detective Superintendent, Jayne Snelgrove of the Metropolitan Police Cyber Crime Unit: “TalkTalk have done everything right in bringing this matter to our attention as soon as possible. Our success relies on businesses being open with us and each other about the threats they encounter.”