TalkTalk just can't catch a break. Late last year, the quad-play provider suffered a "significant and sustained cyberattack" that resulted in the personal details of over 150,000 customers being stolen. It was the second serious breach in as many years, even prompting a government enquiry into the preventative measures in place at all UK telecoms and internet providers. Sensitive data can be obtained any number of ways, however, and TalkTalk believes it recently uncovered a small-scale leaking operation being carried out by a few of its third-party call centre reps.
As the story goes, TalkTalk noticed a connection between scam calls (over-the-phone phishing attacks) some of its customers were receiving and three employees of Wipro, the third-party company that runs TalkTalk's India-based call centre. While they had access to an "extremely limited" array of customer details, evidence suggests these workers were passing info on to scammers, hence the targeted calls. These are only allegations at this point, of course, but based on TalkTalk and Wipro's investigations, local police have arrested the three suspects for violating ICT laws. TalkTalk also said it's now looking long and hard at its relationship with Wipro.
It's important to note the October 2015 cyberattack is in a completely different league to this low-tech operation. As TalkTalk tells it, there's little to nothing you can do with the details call centre reps have access to, which is precisely why scammers use the nuggets they have to try to extract account details and other sensitive information over the phone. TalkTalk said it chose to highlight this specific incident to show it's serious about reviewing security measures after last year's hack, and to demonstrate the problems all companies face in trying to keep customer data protected.