TalkTalk–a London-based phone and broadband company–has been breached by hackers. The attack could possibly have compromised sensitive data on all of its 4 million customers.
A TalkTalk spokesperson called it a “significant and sustained” attack. I know it’s almost the end of October, but this is the third data breach at TalkTalk just this year. How “sustained” could it possibly be unless this attack was already ongoing before the last breach was discovered?
I wrote a post about the TalkTalk data breach and the idea that companies need to do a better job of protecting the data instead of worrying about keeping the bad guys “out”:
TalkTalk announced that it has been the target of a data breach—its third such attack this year. Details are sketchy because the investigation just began and is still ongoing, but in a worst-case scenario it’s possible the attackers have accessed the entire customer database—compromising sensitive data on up to 4 million customers. TalkTalk also revealed that somebody claiming to be responsible for the hack has contacted the company with a ransom demand.
A website has been set up by TalkTalk to share the few details that are available so far. It opens with, “We are very sorry to tell you that yesterday a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyber-attack on our website on Wednesday 21st October.”
TalkTalk says the data that may be compromised includes customer names, addresses, dates of birth, email addresses, telephone numbers, TalkTalk account information, and even credit card and bank details. The broadband provider is working with authorities and cybercrime experts to investigate the breach, and reaching out to customers to inform them their personal data may be compromised. It is also offering the standard, all-but-obligatory free year of credit monitoring for all affected customers.
A report from Reuters states that TalkTalk has also received a ransom demand. It doesn’t specify the demands, but I assume the payment would be in exchange for not publishing the data publicly on the Web or possibly for not selling it on the cyber black market. TalkTalk CEO Dido Harding is quoted by Reuters saying, “It is hard for me to give you very much detail, but yes, we have been contacted by, I don’t know whether it is an individual or a group, purporting to be the hacker.”
“Data thieves sell this information to aggregators, who cross-reference and compile full identities—called “fullz” on the data black market,” explains Ryan Wilk, director with NuData Security. “This increases the value and usefulness of the stolen data, which may have been gathered from multiple data breaches.”
Wilk says that criminals armed with this kind of personal data are a serious threat. Fraudsters can create new bank accounts or take out loans under an actual person’s name, causing problems for fraud victims for years down the road.
Read the complete post on CSOOnline: TalkTalk hit by data breach and ransom demand.