TalkTalk faces mounting calls for compensation

25 Oct 2015

Cyber-crime needs to be tackled urgently.

TalkTalk customers targeted by cyber-criminals reacted with fury last night after being told they will be fined hundreds of pounds for cancelling their accounts. ‘It is appalling,’ said Dawn Palmer, 50, an educational manager from Leigh-on-Sea, Essex, who has received 50 calls from impostors claiming to be from TalkTalk over the past six months. ‘They said my account doesn’t run out until July 2016 so I’d have to pay an early-leavers’ penalty.’ Her sentiment was echoed by hundreds of others whose personal details were compromised.

TalkTalk has called in cyber-specialists from BAE Systems to investigate the theft and ransom of four million customers’ personal and financial details by online criminals.

Regulators must be given significant new “US-style” powers to tackle the escalating problem of online fraud in the wake of the cyberattack that potentially compromised the security of millions of TalkTalk customers, IT experts said.

As the telecom firm’s chief executive Dido Harding faced calls to quit last night, customers took to social media to register outrage after their bank accounts were emptied following the attack. Complete credit card details are not stored in its system, and account passwords were not accessed. “We now expect the amount of financial information that may have been accessed to be materially lower than initially believed, and would on its own not enable a criminal to take money from your account,” a spokesman added. Experts from the defence giant’s Applied Intelligence division, the organisation formerly known as Detica, were combing through reams of system logs at the broadband operator’s west London headquarters alongside officers from the Metropolitan Police’s cybercrime unit. As TalkTalk’s shares slid 4.4pc on Friday, Baroness Harding, its chief executive, announced that she had received a threat that sensitive customer data would be exposed if a ransom was not paid. Baroness Harding warned customers never to give out financial details if they are contacted by phone or email by anyone asking for personal information. “TalkTalk will never call you and ask you over the phone to give your personal financial information, we will never call you out of the blue and ask you to give us access to your computer.”

Although it was not certain that the threat was authentic, it is understood that the ransom demand was received before news of the breach was made public on Thursday evening. Asked whether customers should be compensated rather than penalised, Baroness Harding, who pledged to clean up the web from hackers after her elevation to the House of Lords last year, said: ‘It is too early to start thinking about generic principles of compensation.’ Consumer watchdog Which? insisted customers should now be compensated, stressing: ‘No one should lose out as a result of this breach’, while the Information Commissioner’s Office questioned whether TalkTalk acted fast enough to tell customers about Wednesday morning’s attack. The investigations remained in their early stages this weekend, but sources close to the situation said there were no indications so far of any insider involvement in the crime.

Earlier in the week, experts had warned the information seized – including names, addresses, date of birth, and email address of some of its four million customers – could still prove invaluable to criminals. “With this level of information, fraudsters can create new bank accounts or take out loans under an actual person’s name, causing problems for fraud victims for years down the road,” said Ryan Wilk, director with NuData Security. A former IT worker with the firm told The Mail on Sunday that he repeatedly raised security concerns with his bosses. ‘I told my manager, my senior manager and my head of department,’ he said. ‘But they never did anything about it.’ He said the cyber-attack in August on Carphone Warehouse, which used to own TalkTalk, should have ‘rung alarm bells’. It is likely to be asked about what steps it has taken to comply with stringent PCI/DSS regulations – the global standards set up by transaction companies such as MasterCard and Visa – that require companies to silo and isolate sensitive financial data. Several hacking groups have since claimed responsibility for the hack, including one described as a “Russian Islamist group” although there is little evidence to support this. How TalkTalk responded to the audits may be crucial as to whether it is fined by the ICO, suggested Dr Simon Moores, a former government technology adviser and chair of the International eCrime Congress, the industry body that brings together IT professionals working for governments and law enforcement agencies.

That would include a customer’s name, address, account history, bank details, even the security code on the back of their debit card.’ TalkTalk last night insisted that it had not received ‘conclusive evidence’ that any of its customers had lost out financially because of the attack. ‘It’s still too early, we are investigating,’ said a spokeswoman. Online security expert Brian Krebs said promises to post the stolen data appeared on an online black market site that specialised in selling stolen goods and illicit drugs.

Of the penalty fines on leaving contracts early, the company said: ‘Because we do not know which customers are affected we cannot make a decision on cancellation fees.’ All the major banks contacted by this newspaper said they were working with TalkTalk to ensure their customers’ accounts were not affected by the hacking and advised customers to watch out for any suspicious activity on their accounts. Most importantly, what lessons can be learnt by us all about the risks involved in living so much of our lives online – and the strategies for protection? Mr Krebs warned that opportunistic hack attacks were providing criminals with growing blackmail opportunities. “It seems as if the crooks are getting better situational awareness when they break in somewhere for an opportunistic attack to mushroom into something much bigger and most costly for the victim or organisation.” Anxious TalkTalk customers have lambasted the company’s response to the hack, with scores of people criticising the lack of information from the firm. Telecom giant AT&T was recently fined £17m over data breaches at its call centres in Mexico, Colombia and the Philippines. “In light of the TalkTalk debacle, not only must the ICO review its powers and the levels of fine it can apply against companies shown to be remiss in looking after their customers, but the Financial Conduct Authority and parliament need to look more closely at this, given the extent of data breaches starting to appear,” Moores said.

Former home office minister Hazel Blears described the TalkTalk data breach as “a wake-up call” that should prompt a debate about whether further regulation was needed, suggesting cybercrime was “probably the biggest threat to our economy”. He said: ‘These hackers will want to sell it on as soon as possible so that customers don’t have time to change their passwords.’ Harding’s husband, Tory MP John Penrose, speaking at their Somerset home yesterday, said she was working ‘incredibly hard’ at TalkTalk’s West London HQ this weekend. ‘She feels that the captain should be on the bridge of the ship right now,’ he said. In 2013 the Home Affairs Select Committee warned that the UK was now the favourite target of online criminals in 25 countries, in part because companies “simply reimburse the victims with no pursuit of the perpetrators”.

The impostor called the couple, both in their 80s, on Tuesday – the day before TalkTalk claim the hack took place – telling them that the internet connection at their Kent home was faulty. Shame on TalkTalk – that money was what my parents live on.’ Hilary Foster, a barristers’ practice manager from Surbiton, Surrey, said she discovered on Friday morning that her account had been targeted by the cyber-hackers. ‘It’s outrageous that TalkTalk didn’t tell me about the risk earlier,’ said the 43-year-old. ‘They’ve known since Wednesday and I only found out this morning when I checked my account. “Since the previous attacks, we are working with world leading cybersecurity experts and investing a lot in making sure our system is as secure as possible.

Unfortunately, no system is ever totally invincible.” The company’s accounts, published in June, reveal that a Head of Security was appointed “to establish and oversee the new Security Operations Centre, the activities of which have been outsourced to cyber security experts BAe systems.” Moores said: “Everything we have seen suggests that Talk Talk historically may have failed to take reasonable steps and that the CEO appears completely out of touch with the risks that are widely described. Frankly, if it happens once and data is compromised most companies would want to do absolutely everything within their power to reassure their millions of customers, and make sure when they seek new customers they can reassure them their data is protected. To have happened three times without effective action being taken is very serious.” He said police warned him two years ago they were losing the war against cyber crime: “What tends to happen is, if you’re hacked online and money is taken out of your bank account, the banks usually give it back, and therefore people don’t try to find out who is responsible.”
