TalkTalk has failed to inform 4,545 customers that during the 2015 data breach, their personal information was stolen, including bank account details.
“The customer data referred to by the BBC Watchdog relates to the historical October 2015 data breach. It is not a new incident,” said a TalkTalk spokesperson.
Viewers of BBC Watchdog Live raised concerns about their personal data being breached by TalkTalk.
The consumer show investigate the matter and revealed that around 4,500 customers had their personal details breached and were available online. The customer details found included: names, addresses, email addresses, birthdates, bank details and mobile numbers.
It has been speculated that the information is likely to have been online ever since the data breach in 2015.
The attack back in 2015 saw 157,000 peoples’ personal details accessed.
The Information Commissioner’s Office (ICO) investigated the breach and found several issue pertaining to TalkTalk’s security processes. As a result, the ICO imposed a £400,000 fine on the company.
In response to the findings of the investigation, TalkTalk stated that it was a genuine mistake and that it has apologized to all the customers impacted by the breach.
A company statement read, “The 2015 incident impact 4% of TalkTalk customers and at the time, we wrote to all those impacted. In addition, we wrote to our entire base to inform them about the breach, advise them about the risk of scam calls and offer free credit monitoring to protect against fraud.”
It added, “A recent investigation has shown that 4,545 customers may have received the wrong notification regarding the incident. This was a genuine error and we have since written to all those impacted to apologize. 99.9% of customers received the correct notification in 2015. On their own, none of the details accessed in the 2015 incident could lead to any direct financial loss.”
Such personal details could easily be used to commit identity fraud or theft.
An online security expert, Scott Helme, told the BBC program, “If the data has come from TalkTalk then obviously we need to go and revisit all of these people who’ve been told that they weren’t exposed and look at what they can do to rectify the harm. We’re never going to completely erase this data, but what we can do is try to reduce the impact of having lost the data.”
Watchdog Live spoke to several people who had been affected by the data breach, most of which said that they fell victim to scam calls, many fraud attempts and identity theft incidents which impacted their credit ratings.