
‘Significant’ TalkTalk Data Breach Could Affect Millions Of Customers

Millions of TalkTalk customers have been warned to remain vigilant following a “significant and sustained” cyberattack on its website that may have resulted in the theft of vast quantities of sensitive user information.

The attack could potentially impact all TalkTalk customers and there is a chance that names, addresses, dates of birth, phone numbers, email addresses, account information, credit card details and bank information have been stolen.

The company says the attack took place on Wednesday and once it was detected, the TalkTalk website was taken offline. Not all the information in question was encrypted and there is a risk of identity theft if the attackers have been successful.

TalkTalk data breach

“It’s not yet clear exactly what data has been stolen, but armed with the data they already have, the hackers are likely to try and trick customers into revealing further details, such as account passwords,” said Thierry Karsenti, technical director at security firm Check Point.

“It’s just a numbers game for hackers, as they can easily send tens of thousands of emails in the hope of tricking a handful of customers. Phishing emails are still the most common source for social engineering attacks, so customers should be suspicious of any emails or even phone calls that relate to the breach, no matter how plausible, and should not give away more personal information.”

TalkTalk says customers should monitor their accounts over the next few months, notify the authorities if any unusual activity is observed and be wary of phishing scams. Major banks have also been notified.

“TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations,” said TalkTalk CEO Dido Harding. “We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday’s attack.”

Investigation

The firm, which offers television, broadband, landline and mobile services, says it is “too early” to determine how the data could have been stolen and who was responsible, but says it is working with the Metropolitan Police Cyber Crime Unit to solve the mystery.

“Initial reporting suggests that this attack leveraged DDoS as a potential smokescreen to hide the cyber criminals’ ultimate goal – data theft on a huge scale,” explained Raj Samani, Intel Security EMEA CTO. “While it is too early to draw conclusions, we know from previous incidences, such as Operation Troy, that this tactic has been successfully used in the past.”

The Information Commissioner’s Office (ICO) has been notified, but TalkTalk says it has not breached the Data Protection Act as this was a criminal incident.

“The ICO is aware of this incident, which was reported to us on Thursday afternoon. We will be making enquiries and liaising with the Police,” said the ICO. “Any time personal data is lost there can be a risk of identity theft. There are measures you can take to guard against identity theft, for instance being vigilant around items on your credit card statements or checking your credit ratings.”

The attack could cause serious reputational damage to the firm, which reported in February that a “small but significant” number of customers had had their account details compromised by hackers intent on using stolen information to initiate social engineering attacks. Up to 480,000 TalkTalk mobile customers were also affected by the Carphone Warehouse data breach in August.


Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
