Has TalkTalk’s security been breached yet again?

Customers claim scammers have fresh details of their accounts – and even a new router password

Fraudsters are believed to be targeting TalkTalk customers again, this time on an “industrial scale”, amid claims that a gang based in India is using details stolen in recent weeks. Despite repeated reassurances by the telecoms provider that it now has a tight grip on security, some customers claim they are receiving calls from what they believe to be scammers, armed with details about router numbers and passwords, which they say could only have come from within the company.

While TalkTalk insists it has not been a victim of a fresh theft or security breach, the BBC reported this week that it had been contacted by three Indian whistleblowers who claim to have been among hundreds of staff using stolen UK TalkTalk data (although the BBC did admit it couldn’t verify the claims).

The unnamed source says USB sticks full of customer details have been traded at parties in Kolkata. They describe how as many as 60 “employees” work in shifts at “call centres” to dupe victims into giving them access to their bank accounts.

Guardian Money has repeatedly highlighted the scams, and detailed around 20 cases where fraudsters were able to quote enough account information to convince their victim that they were speaking with a genuine TalkTalk employee. The fraudsters went on to clean out their bank account. TalkTalk denies responsibility and has refused to refund victims, saying it was just one of a number of tech firms targeted.

But Jane Hatton from Halifax in West Yorkshire contacted Money to say that the fraudsters now appear to have access to the very latest customer details. The retired bank worker, who has been a TalkTalk customer for almost 10 years, says she recently upgraded her package to include unlimited broadband, and was sent a new router in January. Just two weeks later, she says she received a call from someone posing as a TalkTalk employee who knew all the details of her account. He knew about the contract upgrade and was able to quote both the router number and the new password sent only a few days before.

As with previous frauds, Hatton was lured by the promise of a £200 refund and gave the fraudsters remote access to her computer. She was invited to click on her bank’s logo but, unlike other cases, security systems at her bank – Halifax – seem to have prevented any money leaving her account. The fraudsters also put a remote lock on her computer and would not release it unless she paid a ransom. She refused and has since had to have her computer rebuilt.

“I am absolutely furious. The fraudsters knew everything about my account – including my router password – that can only have come from the company. I want to leave, but TalkTalk has demanded a £386 early termination fee.”

Another reader, SB from Droitwich, says he had a similar experience. He contacted TalkTalk about an email problem and changed his billing method at the same time. “A few days later I received a call purporting to be from TalkTalk telling me they could restore all my missing emails and that they would have to get into my computer to make the correction. I was not suspicious because they had so many personal details, which only TalkTalk could have known. I agreed and they had control from then on.”

It was when he was asked to send money via PayPal that he realised it was a scam. He did not lose any money, but his computer was also locked out. “I’d very much like to know how these scammers had all my details. I can only imagine that a genuine TalkTalk employee or subcontractor passed, or sold, them on.”

The fresh allegations come amid a long and delayed investigation by the Information Commissioner’s Office. This follows a series of known data breaches from 2014 onwards.

In 2011, TalkTalk outsourced some of its call centre work to the Kolkata office of Wipro, one of India’s largest IT service companies. Last year, three Wipro employees were arrested on suspicion of selling TalkTalk customer data.

The BBC report says it was told that criminals have used the data to operate at least three call centres, where staff work in shifts earning about £120 a month to phone TalkTalk customers using the stolen data to convince victims they are genuine.

When we asked TalkTalk how the scammers apparently had access to Hatton’s router details, it told us: “We are aware there are criminals targeting a number of UK and international companies, and we take our responsibility to protect customers very seriously. This is why we launched our ‘Beat the Scammers’ campaign, helping all our customers keep safe”, but added “there has not been a new security breach.”

Wipro said: “The matter is under investigation and we continue to work closely with the authorities. There are no further developments.”


Miles Brignall

The GuardianTramp

Related Content

Article image
TalkTalk scam victims move closer to class-action lawsuit
Information commissioner’s ruling on data breach strengthens case against broadband provider

Miles Brignall

19, Aug, 2017 @6:00 AM

Article image
TalkTalk scam victims say it’s time for answers
As another customer explains how he was conned out of £6,300 after the firm’s security breach, the ICO is seemingly stalling while a class action moves closer

Miles Brignall

18, Feb, 2017 @6:59 AM

Article image
Every time I contact TalkTalk I get a fake email from scammers
It seems the phone company is still having problems with data breaches

Miles Brignall

14, Jun, 2017 @6:00 AM

Article image
Fast broadband speeds not guaranteed by living in city centre, figures show

Research shows slowest area in London includes Barbican, next door to the City of London, while fastest is Charlton in Greenwich

Juliette Garside, telecoms correspondent

27, Mar, 2013 @8:38 PM

Article image
‘My flat was built in 2017 so why can't I get BT or Sky broadband?’
Jennifer Offord’s new-build does not allow her to sign up to internet and TV from major providers

Rebecca Goodman

25, May, 2019 @6:00 AM

Article image
BT broadband user charged £5,000 after exceeding usage limit
My grandmother unwittingly bust her allowance – and the charges add up to thousands

Rebecca Smithers

04, Feb, 2018 @7:00 AM

Article image
BT took an age to install our community centre’s superfast broadband
After six months and 15 visits by Openreach technicians BT still left us without a working connection

Miles Brignall

18, Oct, 2021 @6:00 AM

Article image
TalkTalk won’t listen as another fraud victim fights for compensation
Furious customers question firm’s response to major data theft, as both it and the bank deny responsibility for losses

Miles Brignall

14, Mar, 2015 @7:00 AM

Article image
Living in a broadband ‘not-spot’? Try using the church spire to get a signal
Communities across the country with superslow rather than superfast internet are coming up with their own ideas to try and speed things up

Kim Stoddart

12, Nov, 2016 @7:00 AM

Article image
Stung by phone call scam after switching to TalkTalk
I received a message to call a premium number on day of switch and was charged almost £700 even though I disconnected quickly

Liz Phillips

20, Jun, 2016 @6:00 AM