IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Fresh TalkTalk customer data found publicly available online

Information belongs to customers who were told they were unaffected by 2015 breach

TalkTalk logo on a phone

Telecoms provider TalkTalk failed to notify 4,454 of its customers that their sensitive data was leaked during its 2015 data breach, and instead led them to believe their data was safe, according to a new report.

The breach, which led to the theft of data including names, email addresses and payment information, was initially thought to have affected just under 157,000 customers.

However, following an investigation from BBC Watchdog Live, it was discovered that affected customers' information could be accessed through a Google search, data which is believed to have been publicly available online since the 2015 breach.

The details included names, addresses, email addresses, phone numbers, TalkTalk account numbers, payment information and dates of births.

A spokesperson for TalkTalk described the incident as a "genuine error" and has since contacted customers to apologise.

"The customer data referred to by BBC Watchdog relates to the historical October 2015 data breach," said a TalkTalk spokesperson. "The 2015 incident impacted 4% of TalkTalk customers and at the time we wrote to all those impacted.

"In addition, we wrote to our entire base to inform them about the breach, advise them about the risk of scam calls and offer free credit monitoring to protect against fraud," the spokesperson added. "A recent investigation has shown that 4,545 customers may have received the wrong notification regarding this incident. This was a genuine error and we have since written to all those impacted to apologise."

The Information Commissioner's Office (ICO) handed TalkTalk a 400,000 fine after the original security breach, setting a record at the time. The ICO was able to fine companies in breach of data protection rules and regulations up to 500,000 until the GDPR and Data Protection Act 2018 rules came into effect a year ago this week.

"This information raises concern and we will be making further enquiries with TalkTalk," said an ICO spokesperson, speaking to IT Pro. "Under data protection law organisations have the obligation to keep personal data secure, whether in electronic or paper format, and we will take enforcement action against those who willfully, negligently or persistently break the law."

We also asked the data protection watchdog if it would be taking any action against TalkTalk retrospectively, but it declined to clarify further.

Matthew Hanley and Connor Allsopp, both in their early twenties, pled guilty to the data breach in April 2017, and were sentenced to 12 months and eight months respectively. The data breach is said to have cost the company 77 million.

Following the initial 400,000 fine, the ICO issued TalkTalk with a further 100,000 fine for a separate data incident in 2014. In this case, employees were able to improperly access the information, which was used by fraudsters to make scam calls to customers, using their names, addresses, phone numbers and account numbers.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation

How full-stack observability can accelerate IT innovation

3 May 2022