TalkTalk investigates alleged data breach after hacking forum claims customer data sale

UK telecommunications provider TalkTalk is investigating a potential data breach involving one of its third-party suppliers. The company’s security team is working with the supplier to assess the situation after a threat actor, identified as "b0nd," began selling what they claim to be stolen TalkTalk customer data on a hacking forum. The alleged breach, which the hacker claims occurred in January 2025, reportedly affects millions of current and former TalkTalk customers.

TalkTalk acknowledged the breach in a statement, confirming that the incident involved "unexpected access to, and misuse of, one of our third-party supplier’s systems." However, the company emphasized that no billing or financial information was stored in the affected system. "Our Security Incident Response team is continuing to work with the supplier regarding this matter, and protective containment steps were taken immediately," the company stated.

The breach became public attention when the hacker posted details on the forum, stating that the data theft affected approximately 18.8 million TalkTalk customers. The hacker claimed to be selling the personal information, which included subscriber names, email addresses, last-used IP addresses, and business and home phone numbers. A sample of the data was shared with forum members to corroborate the claim.

TalkTalk quickly responded, disputing the numbers presented in the hacker’s post. "The number of potential customers referred to in certain online posts is wholly inaccurate and significantly overstated," the company said. While TalkTalk did not provide an exact figure for the number of customers impacted, it refuted the hacker’s claim that nearly 19 million individuals were affected. The discrepancy casts doubt on the authenticity of the stolen data.

Further investigation into the incident has led to suspicions that the data may have been obtained from the Ascendon SaaS platform, which TalkTalk has used for subscription management. Screenshots of the alleged stolen data provided by the hacker suggest that the breach originated from this third-party platform rather than directly from TalkTalk’s systems. CSG Ascendon, the company behind the platform, has yet to respond to inquiries from BleepingComputer about whether their systems were compromised.

This breach is the latest in a series of security challenges for TalkTalk. In 2015, the company suffered a high-profile data breach when hackers accessed the personal details of more than 150,000 customers. The fallout from that breach included a £400,000 fine from the UK Information Commissioner’s Office for failing to protect customer data adequately.