Supply chain
β Supply Chain
TalkTalk CSG Ascendon Telecom Platform Breach
Primary Source βIncident Details
In January 2025, TalkTalk, the UK telecommunications provider, disclosed that a data breach had occurred via CSG Ascendon, its third-party subscriber management and billing platform provider. A threat actor who claimed responsibility offered the stolen data for sale on a cybercrime forum. The exposed data included subscriber names, email addresses, IP addresses, and phone numbers. TalkTalk confirmed that CSG Ascendon’s systems were the source of the breach, not TalkTalk’s own infrastructure. This is TalkTalk’s third significant data security incident following its major 2015 breach (157K customers, Β£400K ICO fine) and 2020 reseller incident.
Technical Details
- Initial Attack Vector
- Threat actors compromised CSG Ascendon, a third-party telecom billing and subscriber management platform used by TalkTalk, gaining access to subscriber account records
- Vendor / Product
- CSG Ascendon (telecom billing/subscriber management SaaS)
- Supply Chain Attack
- β Confirmed third-party / vendor compromise
Timeline
- 2025-01-01 Breach occurred
- 2025-01-22 Publicly disclosed
- 2025-01-22 Customers notified