Given its massive size and its millions of customers, TalkTalk was a prime target for cyberattackers, and unfortunately, the company made it all too easy for the breach to occur. TalkTalk reported today that it is working in conjunction with the Metropolitan Police Cyber Crime Unit after it experienced a “significant and sustained cyber attack” on Wednesday.
TalkTalk has roughly four million customers and, according to a spokeswoman speaking with The Wall Street Journal, the “worst-case scenario” is that personal information on every single one of its customers is now out in the open.
The hackers were able to gain access to a wealth of personal data including:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
“We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here,” said TalkTalk CEO Dido Harding. However, those are rather hollow words considering that this is the third time that the company has been breached by hackers in less than a year. And if that wasn’t bad enough, take a look at this:
TalkTalk admits that it didn’t encrypt all customer data, but it now appears credit card/bank details weren't secured. Christ. — Matt Brian (@m4tt) October 23, 2015
Now seems TalkTalk attack was DDoS followed by SQL injection - one expert tells me it's "disappointing" they fell victim to this technique — Rory Cellan-Jones (@BBCRoryCJ) October 23, 2015
And to make matters worse, Harding claims that she has received an email from the hackers demanding ransom for the data that was slurped from TalkTalk’s servers. “All I can say is that I had personally received a contact from someone purporting - as I say I don't know whether they are or are not - to be the hacker looking for money,” said Harding in an interview with BBC News.
As is typically the case in these security breaches in which customer data is leaked, TalkTalk is offering free credit monitoring for its customers. But that may be little comfort to customers who are left exposed due to lax security protocols.