Nearly 157,000 TalkTalk customers had their personal details stolen by hackers, the company has now confirmed. Of those, 15,600 full bank account numbers and sort codes were accessed.
The internet provider said the sensitive personal data of four percent of its customers was at risk, "much more limited" than initially suspected. A TalkTalk spokesperson said scam calls and emails from criminals pretending to be TalkTalk or a bank remained a "real issue".
TalkTalk reiterated that the attack was on its website, not its core systems. In total, 156,959 customers had their personal details accessed by hackers in some way, with 15,656 full bank account numbers and sort codes also stolen.
In addition, the obscured credit and debit card numbers of 28,000 customers were also accessed. These card details are "orphaned" from customer data, according to the internet provider, meaning individuals "cannot be identified" from stolen financial information. TalkTalk explained that a stolen debit card number might be 012345 xxxxxx 6789.
Similar numbers had been released by TalkTalk in late October, but it said it could now confirm the full extent of the attack.
As well as financial information, personal details accessed by hackers included name, address, date of birth, telephone number and email address. TalkTalk account passwords were not accessed.
Earlier this week police released a 16-year-old boy from Norwich on bail, the fourth person arrested in connection with the attack. A 15-year old boy in Northern Ireland, a 16-year-old boy from London and a 20-year-old man from Staffordshire have also been arrested and bailed in connection with the hack.
TalkTalk reminded customers to be wary of scam phone calls and emails. The internet provider admitted some customers whose details had been stolen had not yet been contacted. It said some had been contacted already, but other affected users would be notified in the "coming days".
This article was originally published by WIRED UK
