U.K. telecom provider TalkTalk announced Thursday that the private information of its 4 million subscribers may have been exposed in a “significant and sustained cyberattack” on the carrier’s website Wednesday.
According to a company press release, the attack may have compromised the “names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details” of TalkTalk customers. The company said it is currently working with the Metropolitan Police Cyber Crime Unit to “establish exactly what happened and the extent of any information accessed.”
“TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organizations,” said TalkTalk CEO Dido Harding. “We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here.”
TalkTalk said it is currently reaching out to customers to alert them of the potential breach, and encouraged its subscribers to carefully monitor their accounts over the next few months. The company advised customers that it would “NEVER call customers and ask you to provide bank details” and said consumers should take steps to verify the identity of anyone asking for such data or other personal information.
The BBC reported that Wednesday’s attack is the third such crime to affect TalkTalk in the past 12 months. The other attacks came in the form of a breach of the carrier’s mobile sales site in August and the compromise of thousands of customer names and account numbers in a February email scam.
The hack follows a similar attack on U.K. electronics and connectivity outfit Carphone Warehouse in August that put the personal information of up to 2.4 million customers, including their name, address, date of birth and bank details, at risk.
At the start of this month, the personal information of several million T-Mobile customers was also exposed following a cyberattack on the carrier’s credit agency, Experian.