X

Third man arrested over TalkTalk hack as Vodafone reveals cyberattack of its own

Vodafone is the second British telecommunications company in two weeks to be on the receiving end of a serious hack.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
3 min read

Vodafone has notified affected customers of the attack.

Vodafone

Yet another UK telecom company has fallen victim to hackers.

Mobile network Vodafone said on Saturday that it was subject to a cyberattack on Wednesday and Thursday, with 1,827 customer accounts left exposed. This follows a ""="" shortcode="link" asset-type="article" uuid="37891742-1c9f-4905-b786-05bb2cd5a44a" slug="isp-talktalk-hit-by-significant-and-sustained-cyberattack-in-uk" link-text="" section="news" title="UK Internet provider TalkTalk hit by 'significant, sustained cyberattack'" edition="us" data-key="link_bulk_key" api="{"id":"37891742-1c9f-4905-b786-05bb2cd5a44a","slug":"isp-talktalk-hit-by-significant-and-sustained-cyberattack-in-uk","contentType":null,"edition":"us","topic":{"slug":"privacy"},"metaData":{"typeTitle":null,"hubTopicPathString":"News^Privacy","reviewType":null},"section":"news"}"> on UK broadband provider TalkTalk two weeks ago.

Police said on Sunday that they have arrested and bailed a third man in relation to the TalkTalk hack. The unnamed 20-year-old was arrested on suspicion of Computer Misuse Act offences at an address in Staffordshire, which has been searched by police. This follows the arrest of two teenage boys -- one in London and one in Northern Ireland -- and suggests that the attack was coordinated, rather than the work of a lone individual.

Vodafone says it has contacted affected customers to let them know that their names, mobile numbers, bank account sort codes and part of their account numbers might have been accessed by hackers.

TalkTalk and Vodafone are just the latest in a long list of companies targeted due to their storage of customer data. Such attacks render consumers powerless to control who can see their data and negatively impacts trust between companies and their customers. Data may be used against customers in a number of ways, with the ultimate goal of gaining access to their bank accounts, or creating new accounts and taking out loans under their names.

Victims of hacking can be the target of phishing calls and emails, which are designed to prise further personal information from them, explains Ryan Wilk, director at NuData Security, or their data can be sold onto third-party aggregators, who cross-reference it to build up full profiles.

"The creation of fraudulent accounts is on a sharp rise," Wilk said. "Of the 500 million plus account creations we analyzed over a few months, more than 57 percent of them were flagged fraudulent and account creation fraud has risen over 100 percent since February of this year alone."

Initially TalkTalk said that all of its 4 million customers might have been victims in the attack, but on Friday revised the number down to 1.2 million. This number refers to the customer email addresses, names and phone numbers. Of these customers, 21,000 unique bank account numbers and sort codes were exposed and 28,000 obscured credit and debit card details.

"On behalf of everyone at TalkTalk, I would like to apologise to all our customers," said the company's CEO Dido Harding in a statement. "We know that we need to work hard to earn back your trust and everyone here is committed to doing that."

TalkTalk is offering 12 months of credit-monitoring alerts from Noddle to customers for free. It has also shared details of exposed bank accounts with the banks in question so that they can take action to protect affected customers, should anyone attempt to defraud them. The company continues to warn customers to watch out for scam phone calls and emails.

Detective Superintendent Jayne Snelgrove of London's Metropolitan Police Cyber Crime Unit praised the way TalkTalk has handled the hack, saying that the company has "done everything right in bringing this matter to our attention as soon as possible."

"Our success relies on businesses being open with us and each other about the threats they encounter," she added.