TalkTalk said the private data of its more than 4 million customers could be at risk and that it had received a ransom demand from an unidentified party.
Such uncertainty is not going to comfort customers I suspect. TalkTalk has said that it will never contact anyone to ask for this information unless they’re already given specific permission for it to do so. “The very bad truth is that every company, every organisation in the United Kingdom needs to spend more money and put more focus on cyber security – it’s the crime of our era”. Can our defences be stronger?
“Not all of the data was encrypted”, TalkTalk said in a support notification.
The cyber-attack comes in the backdrop of several high-profile breaches of personal information in the US. Was also a victim of data breach in November 2014.
Shares in TalkTalk, which had fallen seven percent since the group’s websites went down on Wednesday, fell another 8.5 percent this morning to a two-year low of 238p.
According to The Guardian’s report, the attack was done by Islamic militants.
A force spokeswoman said: “There have been no arrests and enquiries are ongoing”.
Since TalkTalk has said it’ll be emailing its customers to alert them, be aware of any calls or even email requests for personal details – as these may not be genuine emails, instead being other fraudsters jumping on the bandwagon. “The police are still carrying out their investigation to establish what has happened and the extent of information accessed”.
The Metropolitan Police’s cybercrime unit is investigating, and customers are being told to watch their bank accounts for unusual activity, and contact Action Fraud United Kingdom if they spot anything suspicious.
However, TalkTalk conceded that “there is a chance” the compromised data includes company names, addresses, date of birth, phone numbers, email addresses, account information, and, most worryingly, credit card and/or bank details.
The company revealed that potentially all 4m of its customers could be affected, but said that it was too early to know exactly what data had been stolen.