TalkTalk data theft could affect millions of users

TalkTalk customers have been warned about scammers who managed to steal account numbers and names from the company's computers.

In an email sent to every customer, TalkTalk said scammers were using stolen information to trick people into handing over banking details.

TalkTalk said it had sent the email to every customer although only a few thousand account numbers went astray.

The theft of data was unearthed when TalkTalk investigated a sudden rise in complaints from customers about scam calls between October and December 2014.

Andrew Avanessian, EVP of Consultancy and Technology Services at Avecto said the breach was one in a long line of examples where a proactive security stance could have helped:

"This is yet another reminder that a business is only as secure as the weakest link in its supply chain. It is a matter of access in this case. There are still too many businesses giving third parties unnecessary access to their corporate systems, and determined attackers will use these suppliers to gain an initial foothold in the target system. Companies need to be more savvy and proactive when it comes to the supply chain.

"Attackers often exploit innocent employees and customers with social engineering campaigns, businesses should limit their exposure to this risk by adopting a least privilege approach to user access. Businesses should prepare for when they are targeted, not if, and taking control of who has access to what is the obvious starting place.

"Customers should also remain vigilant against such attacks and not engage in unsolicited contact that requests personal of financial information. If they are unsure of what they are being asked they should hang up and make a call back to the company's official number, thus confirming authenticity."