U.Ok. telecoms big TalkTalk has confirmed that it’s investigating a knowledge breach after a hacker claimed to have stolen the private data of tens of millions of shoppers.

In a put up on a preferred cybercrime discussion board seen by TechCrunch, a person utilizing the alias “b0nd” claimed to have stolen the private knowledge of greater than 18.8 million present and former TalkTalk subscribers. This knowledge, which the risk actor is providing on the market, supposedly contains buyer names, e mail addresses, IP addresses, cellphone numbers and subscriber PINs. 

In a press release to TechCrunch, TalkTalk spokesperson Liz Holloway confirmed the corporate is investigating the info breach, however mentioned the 18.8 million determine claimed by the hacker is “wholly inaccurate and really considerably overstated.”

TechCrunch understands that TalkTalk presently has roughly 2.4 million prospects.

“As a part of our common safety monitoring, given our ongoing deal with defending prospects’ private knowledge, we have been made conscious of surprising entry to, and misuse of, one in every of our third-party suppliers’ methods,” Holloway advised TechCrunch. “Our Safety Incident Response group are persevering with to work with the provider relating to this matter and protecting containment steps have been taken instantly.”

Holloway declined to call the third-party provider, however screenshots shared by b0nd counsel the info was stolen from CSG’s Ascendon platform, which TalkTalk makes use of for subscription administration.

In a press release despatched to TechCrunch, CSG spokesperson Kristine Østergaard mentioned the corporate realized that an “exterior social gathering gained unauthorized entry to a single supplier’s knowledge residing on a CSG platform” on January 21. Nonetheless, she added that the CSG has “no proof” that its methods have been compromised or that CSG was the reason for the TalkTalk breach.

TechCrunch understands that the private particulars of a small subset of TalkTalk prospects are saved in Ascendon. Holloway confirmed to TechCrunch that “no billing or monetary data was saved on this technique.”

TalkTalk was previously fined £400,000 after a 2015 knowledge breach by which hackers stole the private knowledge of 157,000 prospects, together with some monetary data. The U.Ok.’s Data Commissioner mentioned on the time that TalkTalk had didn’t implement “essentially the most primary cyber safety measures,” enabling hackers to “penetrate its methods with ease.”

Up to date with remark from CSG.