UK ISP TalkTalk hires defense firm after hackers stole data from 4M customers
Cyber-hacking victims’ fury as they are charged £245 to leave TalkTalk and calls grow for boss to step down.
TalkTalk chief executive Dido Harding has insisted the company’s cybersecurity is “head and shoulders” better than its competitors in the wake of the massive hack attack affecting thousands of customers. (By Kylie MacLellan, Reuters) – British broadband provider TalkTalk said on Sunday it had hired defense company BAE Systems to investigate a cyber attack that may have led to the theft of personal data from its more than 4 million customers.
Last week, it was revealed that a group of Russian jihadist hackers had broken into the company’s computers and accessed the personal data and bank details of customers, with one expert likening it to ‘the Great Train Robbery of the 21st century.’ Information security consultant Paul Moore has also claimed that the firm previously ignored his warnings about data incryption after making changes to the way that credit and debit card payments were handled.TalkTalk customers targeted by cyber-criminals reacted with fury last night after being told they will be fined hundreds of pounds for cancelling their accounts. ‘It is appalling,’ said Dawn Palmer, 50, an educational manager from Leigh-on-Sea, Essex, who has received 50 calls from impostors claiming to be from TalkTalk over the past six months. ‘They said my account doesn’t run out until July 2016 so I’d have to pay an early-leavers’ penalty.’ Her sentiment was echoed by hundreds of others whose personal details were compromised.TalkTalk Telecom Group Plc said the cyber-attack on its website this week probably gleaned less financial information than initially thought, and not enough to allow access to customers’ bank accounts.
In an interview with the Guardian, Harding conceded it would be “naive” to rule out the prospect of the telecoms firm suffering a similar cyber-attack in the future, describing the threat from hackers as “the crime of our generation”. Asked about claims by an IT researcher that he raised concerns about TalkTalk’s security with her office last September, Harding said its security had “improved dramatically” in the last year. A spokeswoman for BAE’s Applied Intelligence division said the company’s cyber-specialists were analyzing “vast quantities” of data to help establish how the breach happened and what information was stolen. TalkTalk last night insisted that its website rather than its computer servers were targeted and that no credit card details are stored on the website. Adultery website AshleyMadison.com was hit in July and the perpetrators ended up releasing information they said included details of more than 36 million users including full names, e-mails and banking information.
Asked whether customers should be compensated rather than penalised, Baroness Harding, who pledged to clean up the web from hackers after her elevation to the House of Lords last year, said: ‘It is too early to start thinking about generic principles of compensation.’ Consumer watchdog Which? insisted customers should now be compensated, stressing: ‘No one should lose out as a result of this breach’, while the Information Commissioner’s Office questioned whether TalkTalk acted fast enough to tell customers about Wednesday morning’s attack. God knows, we’ve just demonstrated that our website security wasn’t perfect – I’m not going to pretend it is – but we take it incredibly seriously. “On that specific vulnerability, it’s much better than it was and we are head and shoulders better than some of our competitors and some of the media bodies that were throwing those particular stones.” TalkTalk is unable to say how many of its 4 million customers were affected by the major data breach, in which peoples’ names, addresses and partial bank account details were stolen. Britain’s Information Commissioner watchdog, which can impose fines of up to 500,000 pounds ($765,600), has said it is looking into the incident but security experts said the prevalence of cyber crime showed more needed to be done.
The stock fell the most in more than two years in London after the company said it had been the victim of a “significant and sustained” hack on Wednesday. Simon Moores, chair of the International eCrime Congress and a former government technology ambassador, said so far the commissioner had proved “somewhat toothless”. “The Information Commissioner needs to have more powers to reflect the direction of travel … at a time of rampant identity theft and exploitation of financial details,” Moores told Reuters. Harding said it was “too early to say” whether the company will establish a compensation fund to handle the fallout from the attack because it was still unclear how many customers had been affected and to what degree. He said Britain should give responsibility for information security to a single minister rather than have it spread across several government departments. “You need to encourage a culture and a level of responsibility where all large organizations … take serious ownership and responsibility for the privacy of people’s financial and personal data rather than having a cavalier attitude, which we have seen in so many cases,” he said. Detectives from Scotland Yard’s cyber-crime unit are investigating the hack attack specialists amid reports that specialists from BAE Systems have been called in by TalkTalk to track down the hackers.
Jens Monrad, from the cyber-security company FireEye, said the data stolen in the TalkTalk hack could have been sold days ago, perhaps before the breach was made public. He said: ‘These hackers will want to sell it on as soon as possible so that customers don’t have time to change their passwords.’ Harding’s husband, Tory MP John Penrose, speaking at their Somerset home yesterday, said she was working ‘incredibly hard’ at TalkTalk’s West London HQ this weekend. ‘She feels that the captain should be on the bridge of the ship right now,’ he said. The impostor called the couple, both in their 80s, on Tuesday – the day before TalkTalk claim the hack took place – telling them that the internet connection at their Kent home was faulty. She told the man posing as a TalkTalk employee that she had been overpaid and wanted to return the money – to which she was told to pay back £4,900 following his instructions. Goodness knows I’ve been one of its biggest fans … and it’s not right that having lost your bank account number and sort code that people can take money from your bank account – they can’t.” Harding insisted that TalkTalk would “thrive” following the attack if customers saw that it was being transparent about what had happened.
Shame on TalkTalk – that money was what my parents live on.’ Hilary Foster, a barristers’ practice manager from Surbiton, Surrey, said she discovered on Friday morning that her account had been targeted by the cyber-hackers. ‘It’s outrageous that TalkTalk didn’t tell me about the risk earlier,’ said the 43-year-old. ‘They’ve known since Wednesday and I only found out this morning when I checked my account. What we’re trying to do – and it’s very painful and hard for everybody in the organisation working their socks off – is to be open and transparent about it and share the information maybe earlier than people are used to, so we can warn our customers and protect them.”
Share this article:
Other articles of the category "Android":
Feds require consumer warnings about older Java so...
BMW and Nissan roll out dual-plug EV chargers acro...
Oracle settles charges that it misled you on Java ...
Fallout 4 Addiction: Man Loses Job And Wife, Sues ...
Fallout 4 Addiction: Man Loses Job And Wife, Sues ...
Tesla Cars Will Get Free Spotify Premium&...
Microsoft pulls “Hey Cortana” feature ...
Microsoft disables Cortana for Android voice featu...