British telecoms company TalkTalk has issued a new statement about last week’s hack on its website, saying that “less than 1.2 million” customer email addresses, names and phone numbers were accessed in the breach.
“Less than 21,000” unique bank account numbers and sort codes, “less than 28,000” credit card details (with some digits obscured), and “less than 15,000” customer dates of birth were also accessed in the attack, the company said in an email.
TalkTalk has around 4 million UK customers in total, although not all had accounts on TalkTalk’s website. The company says only its website, rather than its “core systems,” was breached.
In a statement, TalkTalk CEO Dido Harding said: “Today we can confirm that the scale of attack was much smaller than we originally suspected, but this does not take away from how seriously we take what has happened and our investigation is still ongoing.
“On behalf of everyone at TalkTalk, I would like to apologise to all our customers. We know that we need to work hard to earn back your trust and everyone here is committed to doing that.”
TalkTalk says it has received a ransom note from someone claiming to be the hacker following the attack, which reportedly demanded £80,000 in bitcoin.
Two teenage boys have been arrested and subsequently bailed as part of the police investigation into the hack — a 15-year-old from County Antrim, Northern Ireland, and a 16-year-old from West London.