U.K. telecoms giant TalkTalk has confirmed that it is investigating a data breach after a hacker claimed to have stolen the personal information of millions of customers.
In a post on a popular cybercrime forum seen by TechCrunch, an individual using the alias “b0nd” claimed to have stolen the personal data of more than 18.8 million current and former TalkTalk subscribers. This data, which the threat actor is offering for sale, supposedly includes customer names, email addresses, IP addresses, phone numbers, and subscriber PINs.
In a statement to TechCrunch, TalkTalk spokesperson Liz Holloway confirmed the company is investigating the data breach, but said the 18.8 million figure claimed by the hacker is “wholly inaccurate and very significantly overstated.”
TechCrunch understands that TalkTalk currently has approximately 2.4 million customers.
“As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one of our third-party suppliers’ systems,” Holloway told TechCrunch. “Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately.”
Holloway declined to name the third-party supplier, but screenshots shared by b0nd suggest the data was stolen from CSG’s Ascendon platform, which TalkTalk uses for subscription management.
In a statement sent to TechCrunch, CSG spokesperson Kristine Østergaard said the company learned that an “external party gained unauthorized access to a single provider’s data residing on a CSG platform” on January 21. However, she added that CSG has “no evidence” that its systems were compromised or that CSG was the cause of the TalkTalk breach.
TechCrunch understands that the personal details of a small subset of TalkTalk customers are stored in Ascendon. Holloway confirmed to TechCrunch that “no billing or financial information was stored on this system.”
TalkTalk was previously fined £400,000 after a 2015 data breach in which hackers stole the personal data of 157,000 customers, including some financial information. The U.K.’s Information Commissioner said at the time that TalkTalk had failed to implement “the most basic cyber security measures,” enabling hackers to “penetrate its systems with ease.”
Updated with comment from CSG.
