Not at all surprised tbh I wouldn't be surprised if Talk Talk had sold the information to boost their profits
"The Guardian has indicated that neither TalkTalk nor the banks in question are taking responsibility for any losses, and are not looking to refund customers who have been scammed in this way." Why not? Where is the consumer data protection that we're meant to enjoy? Where is the financial penalty for the private company for having lost or allowed to be compromised, consumer data? Whenever and wherever this happens, heavy fines MUST follow. Companies need to learn the hard way that protecting their customer data should be a paramount concern. Only when they realise that losing data is going to cost them big time are they actually going to pull their fingers out of their behinds and put some effort into this. It happens far too often and almost seems to be an expected occurrence these days. It's unacceptable.
In the case of the bank, it's because the punters in question were conned - which isn't the bank's fault. The bank has all kinds of protections in place: the Guardian piece specifically details how one victim even confirmed the near-£3,000 transfer using the bank's SMS-based two-factor authentication system. In the case of TalkTalk, it obviously doesn't want to take responsibility because then it'll have to pay thousands of pounds to its customers and has no legal recourse itself to recover any of that money. That would be the responsibility of the Information Commissioner's Office (ICO), which is something of a paper tiger. It can fine companies for breaches, but often doesn't.
I've just moved house and cancelled my talk talk account about a month ago. Should i expect an email since i was a customer at the time of the breach......my guess is don't hold my breath.