UK Parliamentary Committee launches enquiry into cyber security as a result of the TalkTalk breach
November 9, 2015
The successful cyber attack on TalkTalk was, by any measure, a very serious and damaging breach. Telcos are a honeypot of personal information and TalkTalk had 4 million customers. Four million sets of names, addresses, credit card numbers and other titbits of data which would give a fraudster a superannuation pot to die for. It has been a disastrous hit to TalkTalk’s reputation. And in cyberspace reputation is vital. Users are notoriously skittish on data security issues.
As worrying as the breach itself was, at least as worrying was the fact that TalkTalk had been the subject of two earlier attacks this year.
The UK House of Commons Culture, Media and Sport Committee have launched an inquiry into cyber security. The terms of reference include consideration of the cyber attacks on TalkTalk and the measures that are being put in place to counteract threats, including the role of encryption. What is particularly interesting is that the Committee is looking at the adequacy of the regulator’s approach in ensuring compliance. That is critical. Proper enforcement improves the culture of compliance. The converse is also true, as the Australian experience attests.
The Information Commissioner issued a very brief statement at the time of the breach.
One issue that has grown over time is the poor redress mechanisms available to consumers affected by security breaches. The legislative structure is hostile to consumers taking action on their own. The regulators, when active, focus on the breach and the organisation. This problem has been growing over time in the United Kingdom and Australia.
The announcement, Cyber security: Protection of personal data online inquiry launched, by the Committee states:
The Culture, Media and Sport Committee have launched an inquiry into cyber security following the recent cyber-attack of TalkTalk’s website. Initially it was feared that the personal details, including bank details, of over four million customers had been hacked and made public.
The cyber-attack gives rise to questions and concern over the ways companies store and secure information about their customers. TalkTalk has already been subject to two previous attacks this year.
In light of these incidents, the Culture, Media and Sport Committee has decided to hold an inquiry into the circumstances surrounding the TalkTalk data breach and the wider implications for telecoms and internet service providers. In particular, the Committee is interested to receive views in response to the following areas:
- The nature of the cyber-attacks on TalkTalk’s website and TalkTalk’s response to the latest incident
- The robustness of measures that telecoms and internet service providers are putting in place to maintain the security of their customers’ personal data and the level of investment being made to ensure their systems remain secure and anticipate future threats
- The nature, role and importance of encryption in protecting personal data
- The adequacy of the supervisory, regulatory and enforcement regimes currently in place to ensure companies are responding sufficiently to cyber-crime
- The adequacy of the redress mechanisms and compensatory measures for consumers when security breaches occur and individuals’ personal data are compromised
- Likely future trends in hacking, technology and security
The deadline for written submissions is Monday 23 November 2015.
The Committee expects to hear evidence for this inquiry late November. This inquiry will be conducted alongside the establishing world-class connectivity throughout the UK inquiry.
Chair’s comment
Chair of the Committee, Jesse Norman MP, said:
“The recent events have highlighted serious issues relating both to existing cyber-security and the response to cyber-crime. This Committee is concerned with the attacks on TalkTalk specifically as a telecoms and internet service provider, but with the recent move of the Information Commissioner’s Office to DCMS, we will also be looking more widely at the security of personal information online.”