Phone company TalkTalk has confirmed that leaked customer data is being used by criminals to defraud its customers.
Personal information, including the phone numbers, addresses and account details of TalkTalk customers, was leaked when a third party suffered a data breach last year. TalkTalk is taking legal action against the supplier.
The breach first came to light in December, when more than 100 customers said they’d received phone calls from India-based scammers, who quoted their personal details. Since then, many more customers have come forward, including Graeme Smith from Co Durham, who told The Guardian that criminals had stolen £3,000 from him.
TalkTalk’s attitude to the breach at the moment seems to be rather HushHush. Although its four million customers have been emailed to warn them to be on the look-out for fraudulent activity, there’s no mention of the breach on the company’s homepage (much to the ire of certain Twitter users, including security expert Graham Cluley).
In a statement quoted by the BBC, TalkTalk said:
“We have become aware that some limited, non-sensitive information about some customers could have been illegally accessed in violation of our security procedures. We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly.”
Third-party security is an essential component of any secure business. It’s impossible to properly secure your information if someone else in your supply chain isn’t exercising the same controls over it.
ISO 27001, the international standard for information security management, sets out the requirements of an information security management system (ISMS) that encompasses people, processes and technology. Many ISO 27001-certified companies insist that all third parties must also achieve certification to the standard, ensuring the strength of the supply chain and the security of critical information assets.
IT Governance ISO 27001 Packaged Solutions
IT Governance’s fixed-price ISO 27001 Packaged Solutions enable all organisations to implement best-practice information security at a budget and speed that suit their requirements.