The Information Commissioner’s Office was informed about the data breach at 4.30pm on Thursday, but the attack began on Wednesday.
Advertisement
TalkTalk said information including customer names, addresses and bank details could have been compromised, and that it had informed London’s Metropolitan Police Cyber Crime Unit.
The website of phone and broadband company TalkTalk has been hacked by cybercriminals, and the company has warned customers that unencrypted personal details and bank account information could have been stolen.
The group has suffered security breaches before, including in August when servers owned by Carphone Warehouse, the retailer which founded TalkTalk, were attacked, potentially affecting TalkTalk’s mobile customers.
In a letter to customers, TalkTalk managing director Tristia Harrison said the company took “any threat to the security of our customers’ data very seriously”.
The company has come under fire for lax cybersecurity practices leading up to the breach and a notification process a few say is too slow.
However, the accuracy of the information has not been verified and there was also speculation that blackmailers could be behind the attack.
“More frequently exfiltration of personal data comes on the heels of a DDoS attack, as this activity can be used to map or profile a network’s existing security defenses, pinpointing holes in security or vulnerabilities to exploit”. TalkTalk has been quite proactive in notifying their customers of the service outage, yet details on the impact have been scarce.
“We are offering a year’s free credit monitoring for all of our customers and will be contacting customers with the details”, says the company, bolting the door as horses run free in the fields.
A spokesperson for the company told The Huffington Post United Kingdom: “We can confirm that we were contacted by someone claiming to be responsible and seeking payment”.
He said the samples FireEye has collected contain specific bank account and credit card information from what appears to be TalkTalk customers.
“There was “some partial” encryption of credit card numbers we are led to believe, but businesses need to understand that all our private data has a value not just the direct financial stuff”, he explained.
TalkTalk has outlined on its website all the steps people might want to take to ensure they are as secure as possible.
Advertisement
“Companies should implement proper use of cryptography, encrypting the sensitive data and hashing the passwords in cryptographically sound way”.
