TalkTalk: 'Hackers stole customers' personal details - two months ago' [UPDATED]

Communications companies admits in email to customers that their personal details were compromised in attack last year

TalkTalk has finally confirmed in an email to customers that their personal details were compromised in a successful hack perpetrated at the end of last year.

Personal data stolen from TalkTalk in the attacks included names, addresses, phone numbers and account numbers. Furthermore, the company has admitted that the information has been used in cases of attempted identity theft with scammers using the data to try and get bank account, credit card details and other information from customers.

The company claims that other sensitive details, such as bank account and credit card numbers used to pay for TalkTalk accounts were not compromised - although customers may want to check their statements carefully and inform their banks.

TalkTalk claims that it only became aware of the attack following complaints from customers about bogus cold calls from scammers, quoting account numbers, claiming to be from the company.

"At the end of last year, we saw an increase in the number of cases of malicious scammers claiming to be from TalkTalk preying on our customers. In a small number of cases, customers told us that the criminals were quoting their TalkTalk account number, as well as their phone number," according to the letter published by one customer.

It continued: "As part of our ongoing approach to security, we constantly test our systems and processes using external security consultants. Following further investigation into these reports, we have now become aware that some of the information we have about some customers - their name, home address, phone number and TalkTalk account number - could have been illegally accessed... by malicious scammers.

"Please rest assured that your sensitive information of data of birth, bank, or credit card details have not been illegally accessed," the TalkTalk email claimed.

However, some customers, it admitted, may have been tricked into divulging bank account and other details, which the scammers could have used to defraud TalkTalk's customers.

The company was keen to play down the extent of the attack, claiming that only a very small subset of customers' details were compromised.

"We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly," a spokesman told Computing.

He continued: "Because we want to err on the side of caution and protect customers, we are contacting all customers again confirming the incident and reminding them again of the steps they should take to prevent the fraudsters from obtaining any further information from them."

The apparent delay in providing official confirmation of the attack to customers may lend weight to calls for new laws obliging organisations to go public when their systems are compromised in cyber attacks.

While the US has been hit by a string of high-profile cyber attacks at big-name companies, especially retailers, there has been relative silence across the UK and Europe, fuelling the fear not that their cyber defences are better, but that they have been covering up successful attacks.

TalkTalk was demerged from retailer Carphone Warehouse in 2010 and posted revenues of £1.67bn in fiscal 2013. It runs mobile communications over the Vodafone network, and also offers broadband, fixed-line phone and a basic television service.