Phone and broadband provider TalkTalk has confirmed that its website has experienced a ‘significant and sustained cyber-attack’ and that customer data could have been compromised.
The company revealed that potentially all 4m of its customers could be affected, but said that it was too early to know exactly what data had been stolen.
TalkTalk is contacting all of its customers to let them know what has happened, and claims it has ‘taken all necessary measures to secure our website following the attack’.
Its chief executive, Dido Harding, said: ‘We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here.’
At present, the phone and broadband provider hasn’t specified exactly what data was stolen from its servers. It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed:
- Name, address and date of birth
- Email address and phone number
- Bank account and credit card details
- TalkTalk account information
If you’re worried that your data may have been affected then read our special TalkTalk cyber-attack guide to find out how to protect yourself.
What should I do about it?
TalkTalk has said that it has contacted the major banks, asking them to look out for any suspicious activity on customers’ accounts. Nonetheless it recommends that customers keep an eye on their accounts over the next few months and to report any unusual activity to their bank and Action Fraud as soon as possible.
Customer should also check their credit reports with the main credit agencies: Call Credit, Experian and Equifax.
Anyone who is contacted by someone claiming to be from TalkTalk and is then asked for personal data or passwords, such as those for a bank account, should take all steps necessary to establish the true identity of the caller or sender. TalkTalk has said that it will never contact anyone to ask for this information unless they’ve already given specific permission for it to do so.
TalkTalk said in a statement that it had reported the attack to the Metropolitan Police Cyber Crime Unit and that a criminal investigation had been launched on Thursday.
This isn’t the first time that TalkTalk has come under attack. In August, the company revealed its mobile sales site had been targeted and personal data leaked. And in February, TalkTalk customers were warned about scammers who had managed to steal thousands of account numbers and names.