U.K. telecoms giant TalkTalk has confirmed that it is investigating a data breach after a hacker claimed to have stolen the personal information of millions of customers.
In a post on a popular cybercrime forum seen by TechCrunch, an individual using the alias “b0nd” claimed to have stolen the personal data of more than 18.8 million current and former TalkTalk subscribers. This data, which the threat actor is offering for sale, supposedly includes customer names, email addresses, IP addresses, phone numbers, and subscriber PINs.
In a statement to TechCrunch, TalkTalk spokesperson Liz Holloway confirmed the company is investigating the data breach, but said the 18.8 million figure claimed by the hacker is “wholly inaccurate and very significantly overstated.”
TechCrunch understands that TalkTalk currently has approximately 2.4 million customers.
“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party suppliers’ systems,” Holloway told TechCrunch. “Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately.”
Holloway declined to name the third-party supplier, but screenshots shared by b0nd suggest the data was stolen from CSG’s Ascendon platform, which TalkTalk uses for subscription management.
In a statement sent to TechCrunch, CSG spokesperson Kristine Østergaard said the company learned that an “external party gained unauthorized access to a single provider’s data residing on a CSG platform” on January 21. However, she added that the CSG has “no evidence” that its systems were compromised or that CSG was the cause of the TalkTalk breach.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
TechCrunch understands that the personal details of a small subset of TalkTalk customers are stored in Ascendon. Holloway confirmed to TechCrunch that “no billing or financial information was stored on this system.”
TalkTalk was previously fined £400,000 after a 2015 data breach in which hackers stole the personal data of 157,000 customers, including some financial information. The U.K.’s Information Commissioner said at the time that TalkTalk had failed to implement “the most basic cyber security measures,” enabling hackers to “penetrate its systems with ease.”
Updated with comment from CSG.
