British telecom TalkTalk is warning customers about a deep security breach that's resulted in hackers calling them at home and impersonating company representatives. This comes after December rumors suggesting customer information such as names, addresses, phone numbers and account details had been compromised, though the company is only admitting the breach now.
TalkTalk said it has initiated legal action against an India-based third-party contractor that was compromised last year. Reports first surfaced in December when customers complained on TalkTalk's user forum that they were receiving calls from people claiming to be TalkTalk reps asking for their banking information. A TalkTalk investigation initially found around 100 complaints, though customers have been taken for thousands of pounds since then, according to a report in the Guardian Friday.
The TalkTalk impersonators apparently stick to a script, first convincing a target they're a customer service rep, then telling them they were victimized in an attack. The best way to resolve the issue, the scammer says, is to provide your bank account number and provide access to your TalkTalk account. Instead of finding that they've been reimbursed for something, customers discover that thousands of pounds are removed from their bank account.
“We have become aware that some limited, nonsensitive information about some customers could have been illegally accessed in violation of our security procedures,” TalkTalk said in a statement to the Guardian. “We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals, and we have been supporting them directly.”
The company has set up a phone line so that suspicious customers can report if they've been hacked immediately.