TalkTalk has admitted to a data breach that led to customers being scammed for thousands of pounds.
A post on a TalkTalk forum explained that a third party with "legitimate access to customer accounts" was hit by a data breach last year, causing information to go missing. The party has begun legal action against the supplier.
The scammers, based in India, have been using the stolen data, which includes account numbers, addresses and account holders’ names, to trick customers into thinking they are calling from TalkTalk.
They then claim to have identified problems with the TalkTalk router and prompt the customer to download software to let them access the computer and fix the 'problem'. They also promise a compensation payment of £250.
However, the scammers actually use the information and access to wire money from the customer's account. The Guardian reported that one man was stung for £2,800 after trusting the scammer because they knew his account information.
Another customer confirmed on a forum that they had received a call from a scammer on 27 February using the information to try to trick them into allowing laptop access.
"I have just had 'THE' call from 'TalkTalk' and like everyone else was surprised he had my address and account number. I deliberately wasted his time for 15 minutes and then hung up," they wrote.
TalkTalk has warned customers to be vigilant about such calls on its forums, noting that it would never ask to download software to a customer's machine or call customers and identify them using account details.
A TalkTalk spokesperson confirmed to V3 that it began investigating whether a hack had taken place after reports of customers being scammed emerged last year. It discovered that this was indeed the case.
“We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly,” the spokesperson said.
The company claimed that no financial data such as bank or credit card details or dates of birth were taken, and that no TalkTalk Business customers were affected.
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend