TalkTalk breach: Third arrest, data already for sale, criminals targeting pensioners

News about the TalkTalk breach and the investigation of it are coming fast and thick.

After the arrests of two teens (one in Northern Ireland, the other from Feltham) believed to be connected to the breach, came that of a third man – a 20-year-old in Staffordshire. All three have since been bailed to different dates.

In the meantime, TalkTalk has shared some more definite information about what was compromised in the hack on their website on the 21st October:

  • Less than 21,000 unique bank account numbers and sort codes
  • Less than 28,000 obscured credit and debit card details (as previously stated, the middle 6 digits had been removed)
  • Less than 15,000 customer dates of birth
  • Less than 1.2 million customer email addresses, names and phone numbers.

The company has also (finally!) started contacting affected users directly, telling them what information has been accessed.

“As we have previously confirmed, the credit and debit card details cannot be used for financial transactions. In addition, we have shared the affected bank details with the major UK banks so they can take their usual actions to protect customers’ accounts in the highly unlikely event that a criminal attempts to defraud them,” the company added, and urged affected users to take advantage of the free 12 months of credit monitoring alerts offered.

They also set up a helpful guide to scam calls that affected customers might be hit with (fake refunds, technical support, directing them to scam websites, etc.) because the danger is real: according to The Mirror, hackers are selling TalkTalk customers’ bank details for £1.62 a time on AlphaBay, an underground darknet market for illegal goods.

Organized criminals are already leveraging that information to try and scam affected users, and are very effectively targeting those aged 65+ (the compromised dates of birth come in handy) because of their trusting nature.