5 things you need to know about the TalkTalk cyberattack

23 Oct 2015 | Author: | No comments yet »

5 things you need to know about the TalkTalk cyberattack.

LONDON — TalkTalk, which provides mobile phone, broadband Internet and pay television services, has said private data from its 4 million British customers may have been compromised in a “significant and sustained” cyberattack on its website.The website of phone and broadband company TalkTalk has been hacked by cybercriminals, and the company has warned customers that unencrypted personal details and bank account information could have been stolen.TalkTalk has displayed a disregard for the safety of its customers’ data, according to security experts who say the telecoms firm has mishandled its response to being hacked.

This wasn’t an attack aimed at interrupting its ability to do business or provide its services, this was an attack the goal of which seemed to be accessing the personal data of its millions of customers. The attack happened on Wednesday, but TalkTalk only alerted police and the UK’s data protection watchdog on Thursday afternoon, leading to criticism from several experts. Justin Harvey, chief security officer of Fidelis, said: “It shouldn’t have taken the police to get involved for TalkTalk to own up to the problem. In the meantime their customers’ identities have been exposed. “The sheer number of people that will be affected by this breach, in a personal and business capacity, means that it will be one of the defining cyber-attacks of 2015.” After being slow to notify customers initially, TalkTalk then leapt into action, with its chief executive, Dido Harding, giving a series of media interviews.

TalkTalk was attacked on 21 October, although they have described the attack as “significant and sustained”, perhaps indicating that the initial criminal access may have begun considerably earlier. In August, its mobile sales site was targeted and personal data breached, and in February, hackers were able to steal account numbers and names of TalkTalk customers.

The fall in TalkTalk’s stock price is particularly precipitous compared to a similar hack on TalkTalk owner Carphone Warehouse in August, which compromised more than 2.4 million customers’ personal details. “The challenge for business leaders is that the implementation of cyber-security measures does not generate revenues,” said Cameron Brown, senior cyber defence advisor and forensic investigator, who has collaborated on investigations with the US Secret Service and the London Metropolitan Police. The Met Police’s cyber crime unit said in a statement Friday that it’s investigating allegations of data theft, saying that it would be working with the National Crime Agency on the case. “TalkTalk have done everything right in bringing this matter to our attention as soon as possible,” said Detective Superintendent, Jayne Snellgrove of the Cyber Crime Unit. It happened gain in again in February, when TalkTalk customers were subjected to further scams, despite the company describing the information stolen in the breach as limited and non-sensitive. Although TalkTalk states unequivocally in its FAQs that it has not breached the Data Protection Act, as “this was a criminal attack”, that conclusion may be both premature and presumptuous.

TalkTalk Mobile customers were also affected by an attack on Carphone Warehouse systems in which the personal information of up to 2.4 million customers was stolen. However, the head of TalkTalk said Friday afternoon that she received an email from a group claiming to have carried out the attack who were seeking a ransom. “We can confirm we were contacted by someone claiming to be responsible and seeking payment,” a company spokesperson said. “Everything else is a matter for the police.” TalkTalk and police have said customers need to be vigilant about their accounts over the coming months and report anything unusual back to their bank and to Action Fraud, the UK’s fraud and Internet crime centre. The seventh principle of the act states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.” There is a very strong case to be made that such a large volume of extremely sensitive data should have been more effectively protected. Even in the event that the attackers used a previously unknown vulnerability to access the data in question, it should have all been encrypted and thus useless to the attacker in the event of a data breach. Online crime is a firmly established underground business: criminal groups and individuals exist in all countries of the world who trade in and benefit from stolen personal and financial data.

Greg Aligiannis, senior director of security at Echoworx, said: “The most concerning revelation from today’s news is the blasé approach to encrypting customer data. They only need to have security that is appropriate to the type of data they are holding and the harm that may result from the loss of that data,” said Mahisha Rupan, a senior associate at the law firm Kemp Little. If you are, or have been, a customer of TalkTalk now is a time for increased vigilance against email or telephone-based attacks or attempts to glean further information from those already victimised. For the 4 million customers who have had their data stolen, the attack could be the beginning of something larger, as personal information is valuable. Raj Samani, chief technology officer for Intel Security in EMEA, said: “Not only are huge amounts of stolen information readily available online, but buyers do not even have to delve into the darknet to access this information.

Almost any information you can imagine can – and is – being sold online, extending far beyond credit card details.” The only way forward for the company, which must rebuild consumer trust, is clear and concise communication to customers of a plan to rectify the issue. Simon Mullis, global technical lead at the security firm FireEye, said: “Security is no longer an IT problem, it’s a business issue, as the way in which a company responds to such an attack can have a huge impact on its stakeholder value. TalkTalk have been contacting their customers to apologise and inform but their communication should not request any details from you or contain any links for you to click. If you receive an unsolicited call purporting to come from a TalkTalk representative do not give away any information, simply hang up and call the TalkTalk customer service line yourself.

Keep a close eye on your accounts for unauthorised transactions, even for very small amounts – these are often used as “test transactions” before a larger fraud is made and make sure you use the free credit monitoring being offered by TalkTalk in this instance. It is never a good idea to use the same password across multiple websites, so try to have a unique one for every site you use or, better yet, use a password manager, which offers you the convenience of only having to remember a single “master password” with the security of unique passwords for every service.

Here you can write a commentary on the recording "5 things you need to know about the TalkTalk cyberattack".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site