430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

TalkTalk confirms data breach involving a third-party platform

UK telecommunications firm TalkTalk disclosed a data breach after a threat actor announced the hack on a cybercrime forum. UK telecommunications company TalkTalk confirmed a data breach after a threat actor claimed responsibility for the cyber attack on a cybercrime forum and offered for sale alleged customer data.  A threat actor named “b0nd” claimed the […]

talktalk

UK telecommunications firm TalkTalk disclosed a data breach after a threat actor announced the hack on a cybercrime forum.

UK telecommunications company TalkTalk confirmed a data breach after a threat actor claimed responsibility for the cyber attack on a cybercrime forum and offered for sale alleged customer data. 

A threat actor named “b0nd” claimed the theft of data of over 18.8 million TalkTalk subscribers’ data, including names, email addresses, IP addresses, phone numbers, and PINs.

The claim of 18.8 million affected TalkTalk customers is doubtful, as the company does not have that many subscribers.

The data breach involved a third-party platform, however the company attempted to downplay the scope of the incident.

TalkTalk announced that the an investigation is ongoing, but the company spokesperson Liz Holloway told TechCrunch that the claim of 18.8 million affected users is “wholly inaccurate and significantly overstated.”

“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party suppliers’ systems,” Holloway told TechCrunch. “Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately.”

The telecommunications company is working with the third-party supplier to resolve the issue.

TalkTalk did not name the third-party supplier that was breached by the threat actors, however the image published by b0nd suggests that the data was stolen from the Ascendon SaaS platform used by the telecommunications provider.

CSG admitted that the data published by the threat actors were stolen from their platform, but did not disclose a security breach of their systems. The company also added that only one customer was impacted.

“On Jan. 21, 2025, CSG learned that an external party gained unauthorized access to a single provider’s data residing on a CSG platform,” CSG told BleepingComputer.We have no evidence that CSG’s technologies and systems were compromised or that CSG was the cause of the unexpected access to the data. CSG provided immediate containment and is actively supporting our customer.”

In 2015, TalkTalk Telecom Group announced that four million subscribers have been impacted by a “sustained cyberattack” that hit its servers.

At the time, threat actors accessed the personal details of over 150,000 customers.  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)