TalkTalk "Hacking" Phone Call, Security Breach?

25
Found 17th Apr 2015
Absolutely fizzing here. At 1pm today got a phone call from "Talktalk Phone And Broadband" (caller display read "005824"), saying I had a hacking alert via my IP address (erm right!). I asked him if he had my name, address, phone number, Talktalk account number and what was his name? He repeated all of the information back to me.

In an accent he said he was "Simon Woods" and I could dial him back on a direct number. No thanks, I have the Talktalk Customer Services number in my phone already.

So, I phone Talktalk and the Talktalk Account Number he quoted was also correct!! Is this an insider job?

The "solution" they offered was an email warning about Internet Crime, with links for me to read (erm, thanks).

TL;DR: Talktalk "hacking" call that has all sorts of details about me, is it in Insider job? Do they have my bank account details as well?
Community Updates
AskiPhonePhones
25 Comments
This is absolutely shocking. It does sound like an inside job.
Don't panic, you're not alone.
A 3rd party with access to your data was 'compromised'.
You did the right thing, got suspicious and contacted the company direct.
It's really all you can do.

Some news stories relating to this security event:
http://www.ibtimes.co.uk/talktalk-data-leak-used-fraud-attacks-customers-lose-thousands-pounds-scammers-1489723

http://www.theguardian.com/business/2014/dec/05/talktalk-customers-india-based-scam-calls-prompting-fears-data-leak

theguardian.com/mon…lls

Banned
This is why I switched from talk talk to origin Broadband.

Talk talk cannot be trusted at all
Original Poster
I told them to escalate it and a Manager will phone me back (as I can't sit in this afternoon but I do want to pursue this). Not sure what else they can do...but obviously if Talktalk can't reassure me my data is safe, I will leave.

Nobody's replied to me on the Talktalk Forum yet. The official replies on other threads all seem very cagey, "we're looking into this"...which isn't good enough!!
Edited by: "louiselouise" 17th Apr 2015
Original Poster
shimagoza

Don't panic, you're not alone.A 3rd party with access to your data was … Don't panic, you're not alone.A 3rd party with access to your data was 'compromised'.You did the right thing, got suspicious and contacted the company direct.It's really all you can do.Some news stories relating to this security event:http://www.ibtimes.co.uk/talktalk-data-leak-used-fraud-attacks-customers-lose-thousands-pounds-scammers-1489723http://www.theguardian.com/business/2014/dec/05/talktalk-customers-india-based-scam-calls-prompting-fears-data-leakhttp://www.theguardian.com/money/2015/jan/21/talktalk-too-reticent-over-scam-calls

Thanks for the links and the replies. I *hope* that's true, that bank details are only accessed if the caller falls for the scam and quotes them over the phone. Luckily I have my head screwed on, but others may be too trusting.

The articles above ^ are from December-February, seems like they're taking their time resolving this?
Edited by: "louiselouise" 17th Apr 2015
A real employee would never tell you your details over the phone if they called you. pretty obvious it's a scam. all companies will have dodgy employees at some point. pays to be careful and never give your info out to any callers who randomly ring you.
louiselouise

Thanks for the links and the replies. I *hope* that's true, that bank … Thanks for the links and the replies. I *hope* that's true, that bank details are only accessed if the caller falls for the scam and quotes them over the phone. Luckily I have my head screwed on, but others may be too trusting.The articles above ^ are from December-February, seems like they're taking their time resolving this?


Unfortunately a lot of people are going to fall for these scams.
They're targeted and fairly professional scams.
To be fair to TalkTalk it's difficult to know what they 'can' actually do now.
Essentially the data leaked is your tel number, your name and your a/c number (don't quote me on this).
So without reissuing tel or a/c numbers at great cost and inconvenience to provider and clients, I'm not really sure what they can do.
I'm not trying to stand up for TalkTalk, as they are likely liable, but from a counter-measure point of view the situation is bleak imo.

Posting internet articles/posts, like you have, helps to raise awareness of these scams so credit to you on that.

Glad you didn't fall victim, all the best
Original Poster
maryjohnson5464

A real employee would never tell you your details over the phone if they … A real employee would never tell you your details over the phone if they called you. pretty obvious it's a scam. all companies will have dodgy employees at some point. pays to be careful and never give your info out to any callers who randomly ring you.

He didn't volunteer the information initially, I asked him to prove who he was.

It may be obvious it's a scam to you, but from reading their Forums quite a few have fallen for it!
Original Poster
A "manager" from Talktalk was supposed to phone me back at 6pm.....no phone call!

Edit: Oh, and also, that email about "internet crime" with links in it...didn't appear in my Inbox either.
Edited by: "louiselouise" 17th Apr 2015
A caller ID 00501 rang me yesterday, googled it and it's clearly linked to various scams. I never answer numbers I don't know
Original Poster
GimmiSomeOfThat

A caller ID 00501 rang me yesterday, googled it and it's clearly linked … A caller ID 00501 rang me yesterday, googled it and it's clearly linked to various scams. I never answer numbers I don't know

You're right, I was already cynical when I saw the number on my Caller Display and was ready to go along with the spiel for a while...but I was astonished at the amount of information he knew!
What exactly do you want talk talk to do? Someone has phoned you and they know your full name and address (and phone number obviously). And your talk talk account number. Hardly the crime of the century is it
Original Poster
kjcoolcat

What exactly do you want talk talk to do? Someone has phoned you and … What exactly do you want talk talk to do? Someone has phoned you and they know your full name and address (and phone number obviously). And your talk talk account number. Hardly the crime of the century is it

I'm not looking for compensation. I think I'm entitled to be concerned that (I suspect) there are people in their call centres selling on details or working in gangs with customers' information.

If they know my name, full address, phone number, account number...what else do they know? If you are cool with strangers phoning you up and telling you all these details, then, that's great. But it would ring alarm bells for most people.

What Talktalk can do now this information is out there, not much. But if it helps one person reading this thread, that's something, at least
Edited by: "louiselouise" 17th Apr 2015
louiselouise

I'm not looking for compensation. I think I'm entitled to be concerned … I'm not looking for compensation. I think I'm entitled to be concerned that (I suspect) there are people in their call centres selling on details or working in gangs with customers' information.If they know my name, full address, phone number, account number...what else do they know?What Talktalk can do now this information is out there, not much. But if it helps one person reading this thread, that's something, at least



It's not an insider job. Have you been with them long? They sent an email to all customers about 2/3 months ago admitting they were hacked and personal information took, blah blah.. It's about as serious as someone picking up a phone book (if they still exist)

Agreed, they're security should have been better - but the issue is with the people "phishing" - calling said customers and trying to obtain their bank details. I've had them call me too but I was at work which was a shame, I'd love to keep them busy on the phone for a while..

Fair enough for putting it out there, but I really wouldn't get too upset over it
Original Poster
kjcoolcat

It's not an insider job. Have you been with them long? They sent an … It's not an insider job. Have you been with them long? They sent an email to all customers about 2/3 months ago admitting they were hacked and personal information took, blah blah.. It's about as serious as someone picking up a phone book (if they still exist)Agreed, they're security should have been better - but the issue is with the people "phishing" - calling said customers and trying to obtain their bank details. I've had them call me too but I was at work which was a shame, I'd love to keep them busy on the phone for a while..Fair enough for putting it out there, but I really wouldn't get too upset over it

I've been with them for seven years. I think a few people on the Talktalk Community Forums would disagree with you, as there's many speculating it's ex- or current employees in their Call Centres up to no good.
louiselouise

I've been with them for seven years. I think a few people on the Talktalk … I've been with them for seven years. I think a few people on the Talktalk Community Forums would disagree with you, as there's many speculating it's ex- or current employees in their Call Centres up to no good.



Ok, so you would have received the email so shouldn't be too surprised to have gotten a call?

I wouldn't say so IMO. If it's ex or current employees, then why would people by phoning customers? They would have all your information on their systems that they could simply print off / write down, take it home then use it to defraud you / or sell on to whoever...

People probably put more information about themselves in their dustbins than talktalk have lost. I bet nobody on those forums are complaining that they have suffered identity theft or direct financial losses because of it?

Our data should be secure, but they at least sent warnings to us all first, they deserve a (little) credit for that at least.
Original Poster
kjcoolcat

Ok, so you would have received the email so shouldn't be too surprised to … Ok, so you would have received the email so shouldn't be too surprised to have gotten a call? I wouldn't say so IMO. If it's ex or current employees, then why would people by phoning customers? They would have all your information on their systems that they could simply print off / write down, take it home then use it to defraud you / or sell on to whoever... People probably put more information about themselves in their dustbins than talktalk have lost. I bet nobody on those forums are complaining that they have suffered identity theft or direct financial losses because of it? Our data should be secure, but they at least sent warnings to us all first, they deserve a (little) credit for that at least.

Sad to say, but some have actually given credit card details over the phone due to these calls. I guess we'll have to agree to disagree.
louiselouise

Sad to say, but some have actually given credit card details over the … Sad to say, but some have actually given credit card details over the phone due to these calls. I guess we'll have to agree to disagree.



That is sad, and if your post prevents another person doing the same then fair enough. I don't work for talktalk btw, but if they warned customers about the security breach (which they did) and people still were silly enough to give their card details out over the phone then more fool them. All my opinion of course - you're entitled to yours
Security breaches happen. It's part of life now as hackers and security are pitted against each other on a daily basis. People fall for scams everyday and you can't blame one company for people being fooling enough to fall for a scam like this. If somebody calls you asking for card details or bank details don't do it. Simple life lesson, do you even realise how many staff a call centre has. If one member of staff steals a couple hundred phone numbers and customer references and then leaves what are they to do? Every company can at anytime have one dodgy git join but it's highly unlikely this is the case and if it is no way they can find out who
Original Poster
emodan

Security breaches happen. It's part of life now as hackers and security … Security breaches happen. It's part of life now as hackers and security are pitted against each other on a daily basis. People fall for scams everyday and you can't blame one company for people being fooling enough to fall for a scam like this. If somebody calls you asking for card details or bank details don't do it. Simple life lesson, do you even realise how many staff a call centre has. If one member of staff steals a couple hundred phone numbers and customer references and then leaves what are they to do? Every company can at anytime have one dodgy git join but it's highly unlikely this is the case and if it is no way they can find out who

It's been going on for months...they know details that only an employee would know, surely, but you're right, unscrupulous people are everywhere.

Anyway, I get the point, it seems they only acquire people's bank account details by trying to convince the customer they are genuine (and some are swayed by the amount of information they hold). I'm savvy enough to be too cynical anyway, some aren't.

At least the information is out there..many have been so annoyed by this they've just upped and left to another provider.
Edited by: "louiselouise" 18th Apr 2015
Well I'd have been taken in too, until the point they started asking for bank details. Then I may have given them the runaround for a while. Slimy people doing this. Glad you put this kind of info out Louise.
Original Poster
There's a bit more to this story - in November 2015 there was another hacking attempt - the Guardian alleges bank account details were taken but "the numbers can't be used to make payments" - what does that mean I wonder?

hotukdeals.com/dea…816 (julieallen posted about this a few days ago).

At the moment I'm wrestling with TalkTalk over their Fibre "super router" which is a bag of crap, but that's a whole other story.

I got another "we are having problems with your IP address/router" hacking call a few weeks ago, so they're still at it. They didn't expect me to say (pretending to be delighted), "Oh! You're JUST the person I want to talk to about my router!" (dodgy person hangs up).
Edited by: "louiselouise" 23rd Jul 2016
kjcoolcat

What exactly do you want talk talk to do? Someone has phoned you and … What exactly do you want talk talk to do? Someone has phoned you and they know your full name and address (and phone number obviously). And your talk talk account number. Hardly the crime of the century is it



exactly

All they can do is apologise
Original Poster
MR1123

exactlyAll they can do is apologise

I did update the story where they have allegedly got customers' bank account details as well, months after my original thread was posted - if an apology is okay with you, then that's great. Not for most people! I wonder if this is more serious than TalkTalk want us to know.
Post a comment
Avatar
@
    Text

    Top Discussions

    Top Discussions

    Top Merchants