TalkTalk data breach is being investigated by police and ICO as company urges customers to be wary of potential identity theft
Millions of TalkTalk customers have been warned to remain vigilant following a “significant and sustained” cyberattack on its website that could have stolen vast quantities of sensitive user information.
The attack could potentially impact all TalkTalk customers and there is a chance that names, addresses, dates of birth, phone numbers, email addresses, account information, credit card details and bank information have been stolen.
The company says the attack took place on Wednesday and once it was detected, the TalkTalk website was taken offline. Not all the information in question was encrypted and there is a risk of identity theft if the attackers have been successful.
TalkTalk data breach
“It’s not yet clear exactly what data has been stolen, but armed with the data they already have, the hackers are likely to try and trick customers into revealing further details, such as account passwords,” said Thierry Karsenti, technical director at security firm CheckPoint
“It’s just a numbers game for hackers, as they can easily send tens of thousands of emails in the hope of tricking a handful of customers. Phishing emails are still the most common source for social engineering attacks, so customers should be suspicious of any emails or even phone calls that relate to the breach, no matter how plausible, and should not give away more personal information.”
TalkTalk says customers should monitor their accounts over the next few months, identify the authorities if any unusual activity is observed and to be wary of phishing scams. Major banks have also been notified.
“TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations,” said TalkTalk CEO Dido Harding. “We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday’s attack.”
The firm, which offers television, broadband, landline and mobile services, says it is “too early” to determine how the data could have been stolen and who was responsible, but says it is working with the Metropolitan Police Cyber Crime Unit to solve the mystery.
“Initial reporting suggests that this attack leveraged DDoS as a potential smokescreen to hide the cyber criminals ultimate goal – data theft on a huge scale,” explained Raj Samani, Intel Security EMEA CTO. “While it is too early to draw conclusions, we know from previous incidences, such as Operation Troy, that this tactic has been successfully used in the past.
The Information Commissioner’s Office (ICO) has been notified, but TalkTalk says it has not breached the data protection act as this was a criminal incident.
“The ICO is aware of this incident, which was reported to us on Thursday afternoon. We will be making enquiries and liaising with the Police,” said the ICO. “Any time personal data is lost there can be a risk of identity theft. There are measures you can take to guard against identity theft, for instance being vigilant around items on your credit card statements or checking your credit ratings.”
The attack could have serious reputational damage for the firm, which reported in February that a “small but significant” number of customers have had their account details compromised by hackers intent on using stolen information to initiate social engineering attacks. Up to 480,000 TalkTalk mobile customers were also affected by the Carphone Warehouse data breach in August.