Talk Talk website hit by cyber attack

October 24, 2015 |

It has long been known by experts in the field of data security and privacy professionals that telecommunications companies and internet service providers are regular targets for cyber criminals.  Telcos hold considerable financial details of their customers and detailed personal information.  With the new data retention laws in place in Australia the attraction of Australian telcos for cyber attack will only grow.

The UK company Talk Talk, a phone and broadband provider with over 4 million customers in the UK has had a major data breach as reported by the BBC in TalkTalk cyber-attack: Website hit by ‘significant’ breach and TalkTalk customer data at risk after cyber-attack on company website.   As is often the way the breach has highlighted other inadequacies of Talk Talk’s security arrangement including the fact that not all customer data was encrypted.

The problem of cyber crime for business is reported in TalkTalk attack: ‘Urgent action needed’ on cyber-crime.  As the article makes clear cyber attacks are regular and sometimes constant events. That said the money and effort expended by organisations is usually inadequate.  Compliance with adequate safeguards is poor in Australia.    

The BBC article provides:

Police are investigating a “significant and sustained cyber-attack” on the TalkTalk website, the UK company says.

The phone and broadband provider, which has over four million UK customers, said banking details and personal information could have been accessed.

TalkTalk said potentially all customers could be affected but it was too early to know what data had been stolen.

The Metropolitan Police said no-one had been arrested over Wednesday’s attack but enquiries were ongoing.

TalkTalk said in a statement that a criminal investigation had been launched on Thursday.

It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed:

  • Names and addresses
  • Dates of birth
  • Email addresses
  • Telephone numbers
  • TalkTalk account information
  • Credit card and bank details

Dido Harding, chief executive of the TalkTalk group, told BBC News its website was now secure again and TV, broadband, mobile and phone services had not been affected by the attack.

‘Crime of our generation’

The TalkTalk sales website and the “My account” services are still down but the company hopes to restore them on Friday.

Ms Harding added: “We brought down all our websites [on Wednesday] lunchtime and have spent the last 24 hours investigating with the Met Police.

“It’s too early to know exactly what data has been attacked and what has been stolen.

“Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well.”

It is the third cyber attack to affect TalkTalk customers over the past 12 months.

In August, the company revealed its mobile sales site had been targeted and personal data breached.

And in February, TalkTalk customers were warned about scammers who had managed to steal thousands of account numbers and names.

Ms Harding said: “Unfortunately cybercrime is the crime of our generation. Can our defences be stronger? Absolutely. Can every company’s defences be stronger?

“I’m a customer myself of Talk Talk, I’ve been a victim of this attack.”

Banks alerted

It is expected to take some time to contact everyone and some customers have expressed anger and frustration that they are yet to hear anything.

One customer told BBC Radio 5 live: “It’s just the latest in a long line of failures… To hear about it up to 48 hours after something may have happened really isn’t good enough.”

Another said: “I only heard about it because I happened to turn the TV on. It is very worrying.”

TalkTalk urged customers to keep an eye on their accounts over the next few months and report any unusual activity to their bank and Action Fraud on 0300 123 2040.

The company said it had contacted the major banks asking them to look out for any suspicious activity on customers’ accounts. It added that every customer would be getting a year’s free credit monitoring.

Ms Harding said: “The biggest risk is that customers’ details have been stolen and criminals try to impersonate them.”

‘Rapid growth’

Professor Peter Sommer, an expert an cyber security, said TalkTalk’s rapid growth could be to blame for the breaches.

“They are acquiring more customers and each of those customers wants to do more things and so they have to increase their capacity… but that’s an expensive exercise,” he told the BBC.

“The quality and quantity of attacks increases all the time so it’s a significant problem for many companies.

“But undoubtedly TalkTalk has had significant problems for some time and they simply had to go public now because personal data is available and the Information Commissioner is going to be hard down on them to see why they haven’t performed better.”

One Response to “Talk Talk website hit by cyber attack”

  1. Talk Talk website hit by cyber attack | Australian Law Blogs

    […] Talk Talk website hit by cyber attack […]

Leave a Reply

Verified by MonsterInsights