UK telecoms giant TalkTalk has confirmed that it is investigating a data breach after a hacker claimed to have stolen the personal information of millions of customers. The hacker, using the alias "b0nd," claimed to have stolen the personal data of more than 18.8 million current and former TalkTalk subscribers, including customer names, email addresses, IP addresses, phone numbers, and subscriber PINs.

The data breach was first reported on a popular cybercrime forum, where the hacker is offering the stolen information for sale. However, TalkTalk spokesperson Liz Holloway has disputed the 18.8 million figure, calling it "wholly inaccurate and very significantly overstated." TalkTalk currently has approximately 2.4 million customers, suggesting that the actual number of affected individuals may be significantly lower.

According to Holloway, the data breach occurred due to "unexpected access to, and misuse of, one of our third-party suppliers' systems." The company's Security Incident Response team is working with the supplier to contain the breach and prevent further unauthorized access. While Holloway declined to name the third-party supplier, screenshots shared by the hacker suggest that the data was stolen from CSG's Ascendon platform, which TalkTalk uses for subscription management.

CSG did not immediately respond to questions about the breach, but TechCrunch understands that the personal details of a small subset of TalkTalk customers are stored in Ascendon. Holloway confirmed that "no billing or financial information was stored on this system," which may provide some relief to affected customers.

This is not the first time TalkTalk has faced a data breach. In 2015, the company was fined £400,000 after hackers stole the personal data of 157,000 customers, including some financial information. The UK's Information Commissioner criticized TalkTalk for failing to implement "the most basic cyber security measures," enabling hackers to "penetrate its systems with ease."

The latest breach raises concerns about TalkTalk's ability to protect its customers' personal data. While the company has taken steps to contain the breach, it remains to be seen whether it will face further regulatory action or fines. The incident also highlights the importance of robust cybersecurity measures, particularly for companies that handle sensitive customer information.

As the investigation continues, TalkTalk customers are advised to remain vigilant and monitor their accounts for any suspicious activity. The company has not yet provided information on how it plans to notify affected customers or what steps it will take to prevent similar breaches in the future.