TalkTalk customer info hacked

23 October 2015

TalkTalk TalkTalk customers have had their personal information hacked in what the police are calling a "significant and sustained" cyber-attack on the company's website. This is the third data breach in a year for TalkTalk.

"We are continuing to work with leading cybercrime specialists and the Metropolitan police to establish exactly what happened and the extent of any information accessed,” said TalkTalk.

The company's chief executive, Dido Harding, said: "We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here."

The way TalkTalk has been handling this has angered some customers. Looking through Twitter, it seems that TalkTalk's customer service lines have been downed by the volume of people trying to get answers about what exactly has gone missing.

One of the things that will worry TalkTalk customers, is that the last time they were scammed out of money after a hack, TalkTalk refused to accept any liability, and blamed one victim for being tricked. They said, after one of their customers was scammed out of nearly £3,000, that because the customer gave details to the fraudster, he was "validating and authorising the transfer of funds".

So what about this hack? Well, TalkTalk said that it is possible that credit card and bank account details could've been swiped, as well as personal info like names, addresses, dates of birth, email addresses and telephone numbers. Here's the kicker - TalkTalk have said that "not all of the data was encrypted" but that they think "our systems were as secure as they could be".

Basically, customers need to keep an eye on their accounts and keep checking for any odd behaviour or payments being made from it. If you do see something odd going on, you need to report it to ActionFraud. Obviously, like always, if anyone rings you up asking for your passwords and the like, tell them to piss off. No legit business ever asks for your passwords and bank details.

Until then, wait for TalkTalk to get in touch and they should tell you more in due course.

UPDATE: TalkTalk is pointing customers in the direction of a special site if there are any questions: http://help2.talktalk.co.uk/oct22incident. If you'd prefer to ring someone, then the number is 0800 083 2710, or 0141 230 0707, but remember, they're likely to be extremely busy today.

UPDATE 2: Ebuyer.com have published some figures to show how many people were supposedly affected. They've said:

  • less than 1.2 million customer email addresses, name and phone numbers
  • less than 28,000 obscured credit and debit card details
  • less than 21,000 bank account numbers and sort codes
  • less than 15,000 customer dates of birth

TOPICS:   Privacy

4 comments

  • wtfisdisreal
    WTF is dis real? In this day and age, can a big company still be storing sensitive data such as demographics details and credit card numbers without encryption? They are going to get raked over the coals by the Information Commissioner over this one, no excuse for not encrypting sensitive data - it's pure negligence
  • David
    Agree with wtfisdisreal however I'd add to it: encryption is not a silver bullet. There are a number of other issues with TalkTalk: storing information they don't need; collecting all data (including archived) in a single database; relying on IT to protect them without adequate procedures to manage the impact of human error.
  • Tom
    The Data should of been highly encrypted. But I hope they find the people who did this hack (even if it takes bringing in the best minds out there) and hit them with everything.
  • gas m.
    Wow, sounds like they might be hiring, if I forward my cc can you put in a good word for me. I am a hard worker.

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment