Update: 23/10/2015 13:37: Ransom demand
TalkTalk has admitted to receiving a ransom demand from someone claiming to be the hacker responsible for the massive data security incident.
Speaking to the BBC, TalkTalk chief executive Dido Harding said, “It is hard for me to give you very much detail, but yes, we have been contacted by, I don’t know whether it is an individual or a group, purporting to be the hacker.”
TalkTalk’s website was “subjected to a significant and sustained” cyber attack on Wednesday 21 October, in which criminals potentially accessed up to four million customers’ names, addresses, dates of birth, email addresses, telephone numbers, TalkTalk account information, and credit card and bank details. The Metropolitan Police and the Information Commissioner’s Office (ICO) are investigating.
TalkTalk chief executive Dido Harding told the BBC that all of the company’s customers could have been affected and that they were being emailed about the incident. Unfortunately, TalkTalk’s own email service was affected by the attack, as the screengrabs below show. Many TalkTalk customers are complaining on Twitter that they haven’t been contacted at all.
In a dedicated web page, TalkTalk Managing Director (Consumer) Tristia Harrison sought to reassure customers that the company is “taking every action possible” to keep their information safe – quite a claim when, by TalkTalk’s own admission, not all data was encrypted.
Note that this page says in big, bold lettering:
“Please be aware, TalkTalk will NEVER call customers and ask you to provide bank details unless we have already had specific permission from you to do so.”
This warning is probably a reaction to February’s incidents, in which customer details stolen in a third-party incident were used to defraud TalkTalk’s customers by phone.
The threat of phishing attacks increases substantially after incidents like this. In many cases, customers will have received phishing emails before they received official confirmation from the company itself.
These aren’t the only occasions TalkTalk has been affected by cyber crime, either: in August, Carphone Warehouse suffered a data breach, which had knock-on effects for 2.4 million Dixons Carphone customers – including those who subscribed to TalkTalk Mobile.
We’ll keep updating this blog as more information becomes available.