Update: TalkTalk has issued a second statement in response to the incident, which you can read below.
TalkTalk has suffered a massive data breach that could affect up to 4 million of its UK-based customers.
The ISP has blamed the security snafu on a third party that it says had legitimate access to its customer database. In an initial statement, TalkTalk said that criminals managed to get hold of names, home addresses, phone numbers and TalkTalk account numbers of some of its customers. No other sensitive data (date of birth, bank or credit card details) was accessed.
There have however been confirmed cases where scammers have been able to use those four pieces of information to siphon thousands out of unsuspecting customers who believed they were talking to genuine TalkTalk employees.
In a second statement, TalkTalk said that the incident has affected a "small but significant" number of its customers on the consumer side, and that businesses remain unaffected. It said:
"At TalkTalk we take our customers' security very seriously and we take numerous measures to help keep our customers safe. Yet sadly in every sector, criminal organisations using phone and email scams are on the rise.
"At the end of last year, we saw an increase in malicious scammers preying on our customers. In a small number of cases, customers told us that the criminals were quoting their TalkTalk account number as well as their phone number.
"As part of our ongoing approach to security we continually test our systems and processes and following further investigation into these reports, we have now become aware that some limited, non-sensitive information about some customers could have been illegally accessed in violation of our security procedures. We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly.
"We want to reassure customers that no sensitive information like bank account details has been illegally accessed, and TalkTalk Business customers are not affected. We have taken serious steps to remedy this and we are continuing to work with the ICO.
"We want to help our customers protect themselves from scams so we are writing to all customers again to warn them about this criminal activity, with full advice, support and a reminder of the many free service TalkTalk offers to try to stop malicious scams reaching them."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.