What do they say about trouble coming in threes?
UK telecoms operator TalkTalk has revealed that it has once again suffered at the hands of hackers, and that details of four million customers might have been compromised.
We are very sorry to tell you that on Thursday 22nd October a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website on Wednesday 21st October. The investigation is ongoing, but unfortunately there is a chance that some of the following data may have been accessed
What information might be at risk? Customers’ names, addresses, dates of birth, email addresses, telephone numbers, account information, and (gulp!) credit card and/or bank details.
TalkTalk says “not all of the data was encrypted”, without – unfortunately – sharing any details on specifically what customer information was and wasn’t encrypted.
Sounds pretty bad, doesn’t it?
What makes it worse is that this isn’t the first time that TalkTalk has suffered at the hands of hackers and fraudsters. In fact, this is the third big security incident to impact TalkTalk in the last 12 months.
In case you’ve forgotten, we know that hackers stole the personal details of thousands of TalkTalk customers, and used them to commit scams over the telephone, after a breach involving a third party contractor which had legitimate access to customer account details. TalkTalk told its customers about that breach in February 2015, although rumours had been bubbling since the previous December.
Then, more recently, some 480,000 TalkTalk customers were said to have been impacted in the hack of British mobile phone retailer Carphone Warehouse.
After these incidents, many TalkTalk customers have been complaining about being on the receiving end of scam phone calls from fraudsters pretending to be TalkTalk, sometimes claiming that they want to warn users about malware infections on their computer.
— Simon PG Edwards (@spgedwards) October 23, 2015
Just a few days ago, I had a BBC TV crew visit me for a consumer affairs programme they are making, discussing the case of one man who has lost over £2000 after fraudsters stole his account details and personal information from TalkTalk.
And now this.
TalkTalk says it has contacted major banks, and asked them to monitor unusual activity on customers’ accounts, and the company’s chief executive, Dido Harding, says that customers will be getting a year’s free credit monitoring.
Only time will tell if that will be enough to restore trust amongst TalkTalk’s customers.
Update: TalkTalk says it has received a ransom demand.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.