TalkTalk customer data at risk after cyber-attack on company website

Credit card details may have been compromised by ‘significant and sustained’ cyber-attack on TalkTalk the telecoms company.

The telecoms provider has 4 million customers in the UK. It is the second time in the past 12 months that TalkTalk customers have been affected by data breaches.

“We are continuing to work with leading cybercrime specialists and the Metropolitan police to establish exactly what happened and the extent of any information accessed,” the company said after revealing the attack.

Its chief executive, Dido Harding, said: “We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here.” TalkTalk was informing its customers immediately about the attack as a precaution, she added.

Customers criticized the firm on Twitter over the announcement.

In December 2014 the company said it was investigating whether its customer database had been leaked after more than 100 customers said they had received calls from Indian-based scammers quoting their names, addresses and account details. Dozens of customers have since been tricked out of thousands of pounds by fraudsters who called them pretending to be TalkTalk staff. After receiving such a fraudulent call, a customer in Co Durham, lost £2,815 from his Santander account.

The broadband and phone provider said in February that a third-party contractor that had legitimate access to its customer accounts was involved in the data breach. It took legal action against the supplier, thought to be based in India. TalkTalk contacted customers to warn them about the criminal activity and the Information Commissioner’s Office was also informed. It was still investigating the breach.

What data might have been exposed?

TalkTalk said there was “a chance” data including credit card and bank account details may have been accessed. Other personal data could include names, addresses, dates of birth, email addresses and telephone numbers.

What should customers do? The firm has advised customers to “keep an eye on your accounts over the next few months” and report anything suspicious to their bank or Action Fraud, the UK’s fraud reporting center. People should also be vigilant to unsolicited calls asking for personal data or passwords, the firm said, adding it would never call to ask for bank details.

What kind of attack was it, and when did it happen? The attack took place on Wednesday and the company said it took its website down when it noticed “unusual activity” on its website. The internet provider said it did so in an “effort to protect data”. Who’s behind the breach?

Why was TalkTalk targeted?

As a broadband and mobile phone provider to four million customers, TalkTalk would be required to store large amounts of personal data. It is the third time in 2015 they have fallen prey to a data breach. In August the company revealed its mobile sales site was hit by a “sophisticated and coordinated cyber-attack” in which personal data was breached by criminals, while in February customers were warned about scammers who managed to steal thousands of account numbers and names from the company’s computers. But the company points out it is not the only victim, saying the latest attack “is by no means an isolated incident”.

More Here [theguardian]

Receive Weekly RoundUp

No spam guarantee.