TalkTalk was under a cyber attack a couple of days ago and as a result, the sensitive personal information of millions of people are now in danger.
The company’s chief executive, Dido Harding, apologized for the “significant and sustained cyber attack” but could not clarify whether the information had been encrypted. He did mention however that customers may have been affected.
In what seems to be a demonstration of power, the group that claimed to have conducted the attack, published personal information of a victim on the Pastebin website. It also claims to be a Russian Islamist cyber jihadi group.
Detectives from Scotland Yard’s cyber crime unit, Falcon, commenced investigations along with the claims of the group mentioned above.
Moreover, Adrian Culley, a former detective in Met’s cyber crime unit, told BBC Radio 4’s Today programme a Russian Islamist hacking group claimed to be behind the attack. He said:
“They are claiming to be from Russia and be an Islamic cyber jihadi group. They have posted on to Pastebin information that appears to be TalkTalk customer private information.”
However, the true nature of the group has not yet been confirmed because it is too soon to reach such conclusions, according to a TalkTalk spokeswoman.
Ms Nunes, an administrator, told the Standard:
“It’s hugely worrying. I’ve not had any communication with Talk Talk over this. I have my mobile phone account with them which I set up just over three years ago. To do it you have to provide an email address. It’s terrifying to think they could have all my other personal details too. I’ve just recently switched bank accounts which is somewhat of a relief, but it makes you wonder where I stand and what else they might have. I should have been contacted much earlier (by Talk Talk). I’ve not had the best experience with them since the beginning, to be honest. I have five months left on my contract and after this there is no way I’m going to stay with them.”
The sensitive personal information that was stolen during the cyber attack includes bank and credit card details along with email addresses, dates of births and even phone numbers.
As for the type of the attack, it is thought to be a DDoS one (distributed denial of service), where a website is hit by waves of traffic so intense that it cannot cope.
According to other speculations, blackmailers could be behind the attack. In the City, almost £200 million was wiped off the value of TalkTalk in frantic trading in its shares as investors assessed the scale of the damage to the brand.
This was the third attack in a row, with the first one being in February when TalkTalk customers were warned about scammers who managed to steal thousands of account numbers and names from the company’s computers and the other being in August which was, in fact, a “sophisticated and co-ordinated cyber attack” in which personal data was breached by criminals.
Ms Harding told ITV’s Good Morning Britain the three attacks were “completely unrelated”, adding:
“We moved as fast as we possibly can, on Wednesday lunchtime all we knew was that our website was running slowly and that we had the indications of a hacker trying to attack us. I can’t even tell you today exactly how many customers have been affected. We have tried to come public as fast as we can once we have got a reasonable idea of what potential data has been lost. I really appreciate the frustration and the worry and the concern that this causes customers – I am a customer myself – and I am very sorry for that. We are rushing to try and get that information to our customers as fast as we possibly can.”
She then added:
“This is a crime, a criminal has attacked TalkTalk systems and we are not the only ones, whether it is the US government, Apple, a whole host of companies. Cyber crime is something we all need to get better at defending ourselves against.”
In the meantime, Scotland Yard is working on the scandal and an investigation has already been conducted. As for the customers whose personal information are apparently in danger, there is no guarantee at this point which might bring more trouble to the company in the near future.
A Scotland Yard spokesman said:
“The Metropolitan Police Cyber Crime Unit is investigating an allegation of data theft from a telecommunications website. The theft was reported to the Met on Wednesday 21 October. There have been no arrests and enquiries are ongoing. The investigation remains at an early stage; a full assessment of the alleged data theft is ongoing.”
At this point, we can only hope for the best. Unfortunately in this case the best is still bad and no one knows how quickly things could escalate if the group is indeed who they claim to be.