As the story goes, TalkTalk noticed a connection between scam calls (over-the-phone phishing attacks) some of its customers were receiving and three employees of Wipro, the third-party company that runs TalkTalk's India-based call centre. While they had access to an "extremely limited" array of customer details, evidence suggests these workers were passing info on to scammers, hence the targeted calls. These are only allegations at this point, of course, but based on TalkTalk and Wipro's investigations, local police have arrested the three suspects for violating ICT laws. TalkTalk also said it's now looking long and hard at its relationship with Wipro.
It's important to note the October 2015 cyberattack is in a completely different league to this low-tech operation. As TalkTalk tells it, there's little to nothing you can do with the details call centre reps have access to, which is precisely why scammers use the nuggets they have to try to extract account details and other sensitive information over the phone. TalkTalk said it chose to highlight this specific incident to show it's serious about reviewing security measures after last year's hack, and to demonstrate the problems all companies face in trying to keep customer data protected.