In an update, TalkTalk said the amount of financial data stolen from its systems was “materially lower” than expected, and said that the attack was on its public-facing website and not its core systems.
However up to four million customers remain at risk, with experts calling on authorities to investigate as urgently as it would for a large-scale physical theft, reports WIRED.
Dido Harding, CEO of TalkTalk said in an interview with Sky News: “The financial information they have on its own is not enough for them to access your bank account.”
Most of the risk, Harding said, was from criminals who would seek to pose as bank staff in calls to unsuspecting customers and phish for enough information to break into bank accounts.
“We can confirm that we do not store complete credit card details on the website; any credit card details that may have been accessed had a series of numbers hidden and therefore are not usable for financial transactions,” Talk Talk said.
“We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account,” Harding added.
The company said that the Metropolitan Police Cyber Crime Unit was continuing to investigate, adding that it had hired BAE’s Applied Intelligence arm to work with the Met to carry out the investigation.
