The number of customers affected and the amount of data potentially stolen could be less than expected says TalkTalk CEO
TalkTalk says the major cyber attack that could have seen the personal details of four million customers stolen by criminals may not be as bad as first feared.
CEO Dido Harding said it wanted to make sure the public was aware of the “worst case scenario” so they could protect themselves, but claimed initial probes suggest the impact may not be as severe as first feared.
She added that TalkTalk’s core systems had not been affected, only its website, and that the payment information potentially stolen is not enough for criminals to clear out bank accounts.
“The investigation is still ongoing but what I can tell you is that the findings so far show that the number of customers affected and the amount of data potentially stolen is smaller than we originally feared,” Harding told customers in a video.
“In fact, our website – our shop front if you like – was attacked, but our core systems are safe. We don’t store unencrypted credit card data on our website so any credit card data that has been stolen has the six middle digits blanked out and can’t be used for financial transactions.
“No MyAccount passwords have been stolen and no banking details have been taken that you wouldn’t already be sharing when you write a cheque or give to someone so they can pay money into your account.”
Harding did urge customers to remain vigilant for any fraudulent activity, be wary of any phishing scams and to take advantage of the free credit monitoring service TalkTalk has arranged with Noddle. The Information Commissioner’s Office (ICO) is also investigating.
But she was also keen to point out that cybercrime is not isolated this incident. She told The Guardian that TalkTalk would be “naïve” to rule out another attack in the future given the sheer number of such assaults affecting British businesses and claimed her firm’s security measures were “head and shoulders” above those of some of its competitors.
Last week, the company reportedly received a ransom demand from a group claiming to be responsible for the attack and the Metropolitan Police’s criminal investigation is still ongoing, with reports suggesting BAE Systems has been drafted in to help find the perpetrators.