BAE Systems hired by TalkTalk for hack investigation

The company has claimed d ata stolen in the attack would not allow criminals to plunder customers’ bank accounts, as complete credit card details were not stored in its system and account passwords were not accessed.

The company is advising customers to keep an eye on their bank account though, and is also offering a years’ worth of free credit monitoring alerts.

Comment On Sunday morning, embattled TalkTalk boss Dido Harding crassly stated that her company was under no legal obligation to encrypt customers’ sensitive data. Last week Harding told the BBC that she did not know if the entirety of the data was protected with basic encryption; she had added that the company had received a ransom demand for the data, though she did not say if the criminals had been contacted directly by its staff. Police are investigating the matter.

Harding addresses TalkTalk customers.

“Here’s Harding’s quote in full (paywalled): “[Our data] wasn’t encrypted, nor are you legally required to encrypt it. We have complied with all of our legal obligations in terms of storing of financial information”.

Sarah Laird said her parents had around £9,000 taken after receiving a call purporting to be from the company. She refrained to provide more details as the investigation was in progress.

A spokeswoman for TalkTalk said, “BAE Systems are supporting us as we investigate this week’s cyber attack”.

Since the attack the company has been bombarded by complaints on social media sites from people who say they have fallen victim to scammers.

Report any unusual activity on your accounts to your bank and, if you are in England, Wales or Northern Ireland, to the national fraud and internet crime reporting centre Action Fraud on 0300 123 2040 or www.actionfraud.police.uk.

The latest breach is the third in a spate of cyber attacks affecting TalkTalk in the last eight months, with breaches in August and February also resulting in customers’ data being stolen.

TalkTalk hack: What should I do? The investigation is still ongoing but the findings so far show that the number of customers affected and the amount of data potentially stolen is smaller than we originally feared.

No arrests have been made. The Institute of Directors said only “serious breaches” made the headlines, but attacks on British businesses “happen constantly”.