Let's not jump to conclusions
Okay, it's great fun slagging off TalkTalk, 'cos they are pretty rubbish, but...
So far there's no evidence that they've been hacked or anything. The data that has allegedly been used could just as easily have been acquired by a more traditional, physical route. Perhaps a printed report of customer details in the TalkTalk accounts dept, that didn't get shredded after use, but instead found its way into the pocket of a dodgy junior member of staff, who then flogged it. Technically a security breach, but strip-searching all staff on the way out is probably overkill for a phone company.
Not all data breaches are down to clever hackers and security loopholes. They may well be in this case, but we don't know.