Previous Story
TalkTalk hires BAE Systems over breach
Posted On Oct 25 2015
Comment: Off
A TalkTalk spokesperson said: “We can confirm we were contacted by an organisation claiming to be responsible, and seeking payment”.
Harding apologised to customers for the worry caused by the attack which is understood to have taken place yesterday and resulted in customers’ personal data including names, addresses, credit card details, date of births and account information being stolen.
She goes on to say, “Any credit card information that has been stolen has the six middle digits of the credit card blanked out so can not be used for financial transactions”. “I don’t know for certain, which is why we are taking the precaution of reaching out to everyone”, Harding told the BBC.
The attacker has asked for ransom, TalkTalk has confirmed to The Guardian.
The cyberattack on TalkTalk is possibly one of the largest and most damaging to hit a British company, following a series of high-profile cases in North America recently.
“There were 625,000 cyber offences each month in the United Kingdom this summer”, said CEO Dido Harding in a public announcement on BBC. The police are now investigating the hack.
Since TalkTalk has said it’ll be emailing its customers to alert them, be aware of any calls or even email requests for personal details – as these may not be genuine emails, instead being other fraudsters jumping on the bandwagon.
She said she was not sure whether it was an individual or a group making the demand. Details of millions of customer were stolen from the infidelity website Ashley Madison in August this year, while Sony Corp. was also a victim of data breach in November 2014.
“Unfortunately these criminals are very smart and their attacks are becoming ever more sophisticated”, the company said in a statement.
Dr David Lanc, chief executive of Edinburgh-based cybersecurity specialist Payfont, said: “The problem faced by TalkTalk is part of a massive problem impacting both individuals and companies concerned with protecting online identity and data privacy”.
The company has also admitted that not all customer data was encrypted, raising questions about whether adequate security measures were in place before the attack.
