The BBC reports that the news was made public this morning after London’s Metropolitan Police started a criminal investigation into the attack yesterday. The hackers are thought to have had “sustained” access to TalkTalk’s website throughout Wednesday, October 21. The company noticed the irregularities yesterday and immediately shut down the website.
Parts of talktalk.co.uk are accessible again this morning but the sales system and “my account” area for existing customers remain offline until the company can determine the scale of the attack. The company’s broadband, TV and mobile and landline phone services are continuing to operate as normal.
It is currently unknown who is behind the attack as police and dedicated cyber-crime investigators begin their analysis. A Russian Islamist group claimed responsibility this morning according to Scotland Yard detective Adrian Culley but the identity of the hackers has yet to be verified. TalkTalk said in a statement that the names, addresses, dates of birth, email addresses, telephone numbers, account information and credit card or banking details of its customers may have been accessed and stolen.
TalkTalk says all customers will be contacted today with details of what has happened. The company is working with security services and the police to complete a “thorough” investigation and says it has taken the “necessary measures” to secure its website.
TalkTalk is offering all of its customers one year of free credit monitoring. The major UK banks have already been contacted and are watching customer accounts for any suspicious activity. The company advises that users change their passwords immediately and scrutinize their bank statements over the next few months. TalkTalk warned that it will never directly call or email customers for their bank details and that such contacts should be referred to the UK’s fraud reporting centre, Action Fraud.
In a statement this morning, TalkTalk managing director Tristia Harrison said: We would like to reassure you that we take any threat to the security of our customers’ data very seriously. We constantly review and update our systems to make sure they are as secure as possible and we’re taking all the necessary steps to understand this incident and to protect as best we can against similar attacks in future. Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent.
The Guardian reports that CEO Dido Harding said: “We take any threat to our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here.” Harding added that it was too early to comment on the claims that Russian Islamists could have been the attackers and said the company’s priority is to contact its customers.
The attack is the third incident of data theft at TalkTalk in just 12 months. In August, the company admitted personal data had been stolen from its mobile sales site and in February it issued a warning that scammers had stolen thousands of account numbers and names from its database.
The company has referred itself to the UK’s Information Commissioner’s Office as customers begin to doubt whether it has learnt how to properly handle growth. Angry users of TalkTalk products took to Twitter to vent their frustration at the company’s delay in making the information public. Many are anxiously awaiting emails with more details as the investigation continues today. There are concerns the attackers could begin to exploit the stolen data even as TalkTalk and the banks rush to put anti-fraud measures into place on customer accounts.
The third attack in twelve months is expected to see TalkTalk heavily penalised by the Information Commissioner for failing to adequately protect sensitive customer data. The quantity and severity of the attacks has indicated that TalkTalk’s systems may be incapable of storing the records of its four million customers, something that cyber-security expert Professor Peter Sommer told the BBC the Commissioner will take a dim view of.
He said: “Undoubtedly TalkTalk has had significant problems for some time and they simply had to go public now because personal data is available and the Information Commissioner is going to be hard down on them to see why they haven’t performed better.”
TalkTalk is a popular provider of telecommunications services in the UK. It offers fibre-optic broadband, mobile coverage and landline phone networks as well as TV packages. It often focuses on undercutting the cost of rivals like BT, Sky and Virgin Media.