© 2025 CoolTechZone - Latest tech news,
product reviews, and analyses.

TalkTalk investigating data breach at third-party supplier


UK telecommunications company TalkTalk is looking into a data breach at a third-party supplier after a threat actor posted a message on the dark web.

A hacker with the alias ‘b0nd’ posted a message on Breach Forums, a popular hacking forum on the dark web, claiming he stole a large dataset from TalkTalk.

“This breach took place in January 2025 and affects 18,839,551 current and previous customers,” he states. He claims he was able to lay his hands on full names, email addresses, IP addresses, phone numbers, and subscriber PINs.

Liz Holloway, a spokesperson for TalkTalk, confirms that the company is investigating the data breach. However, she denies the threat actor’s claim that he stole 18.9 million customer records, calling this number “wholly inaccurate and very significantly overstated”.

“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party suppliers’ systems. Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately,” she told TechCrunch.

Screenshots provided by ‘b0nd’ suggest that the data was stolen from CSG Ascendon, a cloud-based subscription management platform. The company has acknowledged that the data the threat actor is offering originated from their platform.

“On January 21, 2025, CSG learned that an external party gained unauthorized access to a single provider’s data residing on a CSG platform. We have no evidence that CSG’s technologies and systems were compromised or that CSG was the cause of the unexpected access to the data. CSG provided immediate containment and is actively supporting our customer,” CSG Ascendon told BleepingComputer in a statement.

The company stresses the incident affected only one customer.

Back in 2015, TalkTalk suffered a data breach. Hackers were able to exfiltrate personal information of over 150,000 customers. The Information Commissioner’s Office, the United Kingdom’s data protection authority (DPA), imposed a fine of £400,000 for the incident.


Leave a Reply

Your email address will not be published. Required fields are marked