British broadband provider TalkTalk has been hacked for the third time this year, the company announced late Thursday, and customers’ data — including credit card details — may have been stolen.
In a statement, TalkTalk called the attack “significant and sustained.” Up to 4 million customers may be affected, according to the Financial Times. The Metropolitan Cyber Crime Unit is now investigating.
Here’s what customer data TalkTalk says may have been “accessed” — and presumably stolen:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
The company has around 4 million UK customers.
The BBC is reporting that TalkTalk’s website was targeted by a DDoS attack — overwhelming servers with traffic. This on its own wouldn’t give the attacker access to internal data, however.
The TalkTalk website is still unavailable; as of Friday morning, this is what users attempting to access their account see:
TalkTalk has been hit with hack attacks before.
In a statement, TalkTalk said:
We would like to reassure you that we take any threat to the security of our customers’ data very seriously. We constantly review and update our systems to make sure they are as secure as possible and we’re taking all the necessary steps to understand this incident and to protect as best we can against similar attacks in future. Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent.