TalkTalk hit by ‘significant and sustained’ data breach

23 Oct 2015

It’s too early to know exactly what data has been attacked and what has been stolen, said TalkTalk CEO Dido Harding

A criminal investigation is already underway into a “significant and sustained cyberattack” on TalkTalk, with users’ personal details potentially exposed in the breach.

The company has released a statement on the issue, stating that the UK cybercrime unit of the police is investigating the attack, which happened on Wednesday this week.

Among the data that has potentially been compromised are (deep breath) customer names, addresses, DOBs, email addresses, telephone numbers, TalkTalk account information, and credit card and bank details.

So if you’re a TalkTalk customer, it’s probably best to “keep an eye on your accounts over the next few months”, according to the company, which is in the process of contacting all its customers.

“We are offering a year’s free credit monitoring for all of our customers and will be contacting customers with the details,” said the company, bolting the door as horses run free in the fields.

“It’s too early to know exactly what data has been attacked and what has been stolen,” said Dido Harding, chief executive of the TalkTalk group.

“Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well.”

Fallout from TalkTalk data breach

The fallout of this could well be massive, with customers basically playing the waiting game to see if something untoward happens to their information.

Bizarrely, early claims are that a Russian Islamist group is behind the hack, with cybersecurity consultant and former Scotland Yard detective Adrian Culley saying that some details, potentially of TalkTalk customers, have been posted online.

This has not been verified. The attack is said to have been a DDoS, with the financial details of customers held in the UK.

Richard Cassidy of Alert Logic notes that this is a recurring theme, calling for an overhaul of how companies protect, and inform, customers.

Cassidy feels businesses should be held accountable for financial losses on behalf of slighted customers in situations like this, with the vast majority of victims “not tech savvy”.

“It would be far better for organisations of the ilk of TalkTalk to offer up better information to consumers on how to identify how their data could be used [by hackers].”

Gordon Hunt was a journalist with Silicon Republic