British telecoms firm TalkTalk has announced that it has suffered a severe cyber security breach. The broadband provider has admitted that it has suffered a hack, which has compromised vast amounts of customer data (perhaps even including credit card data). News of the hack – the third memorable one of its nature that the company has suffered in recent times – has sent the firm’s stocks plummeting 7%.
Unfortunately for the British company it does not appear that this attack was anything short of extreme, with reports suggesting that 4 million customers details may have been stolen this time. The company has described the cyber-breach in its statement as ‘significant and sustained’.
Amazingly, TalkTalk chief executive Dido Harding has admitted to the BBC that the company has been approached by somebody claiming to be the hacker who is demanding ransom money. In TalkTalk’s statement, Mr. Harding apologized for the latest attack saying that he is ‘very very sorry’ for all the trouble, and worry, that it is causing for their customers.
Sadly, the reality is that even though TalkTalk has been hit by more severe and high profile cyber attacks than other firms, it is not alone. Evidence from a recent report made by Crown Records Management and Censuswide reveals that companies all over the UK have been suffering from enormous amounts of hacks. With most locations around the UK suffering breaches in over 50% of their local businesses – and 8% of companies in some places admitting to having been hacked a staggering 10 to 12 times.
At the moment, no one is entirely sure who perpetrated the attack. A Russian jihadist group has come forward taking responsibility for the breach – the likelihood of those claims, however, has yet to be confirmed by cyber security experts who are working with the company to figure out the details of the attack.
One TalkTalk customer has spoken with the media after an initial dump of stolen data was proven to be his. During an interview the TalkTalk customer – who had his name, phone number, email, home address, bank details and date of birth published to the net – said he was ‘disgusted’ that his details had been leaked by the hacker. Further commenting that he felt TalkTalk was ‘an absolute joke of a company.’
Although the confirmation of the gentleman’s details from the initial data dump does appear to prove that the hacker claiming responsibility is genuine, authorities have been quick to point out that nobody can yet confirm the religious and political reasons behind the would-be attacker’s claims.
What the initial dump does confirm is that 4 million TalkTalk users have likely had the following details put in jeopardy:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
For this reason, anybody who thinks that they may have been affected by the hack is strongly advised to take care of what further details they reveal to anyone who may contact them claiming to be from TalkTalk.
TalkTalk says that it never asks customers to reveal their full passwords or pin codes over the telephone, and Daniel Dresner a security expert from the University of Manchester has warned people that if they receive a phone call they should take care,
‘If you’re talking to somebody, think whether what you are saying is exactly the kind of information which would open up your bank account.’
At the moment, the TalkTalk website is still down. Any customers trying to access the page will only see a notice explaining that an investigation is under way by the Metropolitan Police Department. The notice also explains that the company’s webmail is still functioning as normal and that any customers who want further information can also contact the firm by telephone on 0800 083 2710 or 0141 230 0707.
The sudden 7% drop in TalkTalk’s stock value – due to a loss of investor confidence in the British Broadband provider – is hardly a surprise considering that TalkTalk has had similar troubles in both in February and August of this year. In one of those attacks, a customer was defrauded of £2800 by a hacker who posed as a company representative. It is for that reason that customers are strongly advised to take care about what they reveal to anybody that may contact them. A statement from TalkTalk about this latest hack says,
‘We would like to reassure you that we take any threat to the security of our customers’ data very seriously. We constantly review and update our systems to make sure they are as secure as possible and we’re taking all the necessary steps to understand this incident and to protect as best we can against similar attacks in future. Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent.’
Many TalkTalk customers have become vocal online about this latest cyber attack, and how it is affecting their sensitive information. Daniel Musgrove from Powys in the UK, says that despite great efforts he has been unable to get through to customer support via the telephone. “They may not get a payment for my next bill if they don’t get this sorted,” he commented. Sara Jones, from East Sussex also went to the internet to voice her frustrations, ‘TalkTalk’s online advice is not proportionate to what has happened. Telling customers to ‘keep an eye on accounts’ just does not cut it in terms of advice’, she said.
Anyone who thinks they may have been affected by the hack is being advised to follow these steps:
- Report any unusual activity on their accounts to their bank and the UK’s national fraud and internet crime reporting centre Action Fraud on 0300 123 2040 orwww.actionfraud.police.uk
- Change their TalkTalk account password as soon as its website is back up and running – expected later on Friday – and any other accounts for which they use the same password
- Watch out for scams: TalkTalk will not call or email customers asking for bank details or request them to download software to their computer, or send emails asking customers to provide their password