Noticed this when looking through the news today. Probably the same company that was (is?) trying to scam BT customers. Don't understand how folks fall for this sort of thing.
1. It's not BT's job to warn you of activities not performed by them. It's not BT calling you, it's got nothing to do with BT.
2. Whether you're ex directory or not is irrelevant, they don't get it from a directory, they get it from data left by you on customer websites for absolutely anything where your data is sold/shared on legally or illegally.
3. They don't know you're a BT customer, they guess and in many cases they guess right. It's a phish.
4. It isn't a "leak" in BT Security, it doesn't come from BT, call centre or otherwise. It's actually a leak in your own security where you've entered your number into some website or other.
5. Threatening BT about not being their customer will get you nowhere. It's not their issue.
6. There is no "anti virus software" installed anywhere in your phone line or router by BT or anyone else! If you mean you are registered for TPS then that's not BT and it doesn't cover non UK calls.