Mobile phone and broadband provider TalkTalk has become a victim of a “significant and sustained cyber attack” which could have led to breaches of customers’ personal and financial details.
The company said it was “too early to say” how many of its four million UK customers had been affected by the attack and the Metropolitan Police are investigating.
:: What data might have been exposed?
TalkTalk said there was “a chance” data including credit card and bank account details may have been accessed. Other personal data could include names, addresses, dates of birth, email addresses and telephone numbers. The company has admitted “not all of the data was encrypted” but that “we believed our systems were as secure as they could be”.
:: What should customers do?
The firm has advised customers to “keep an eye on your accounts over the next few months” and report anything suspicious to their bank or Action Fraud, the UK’s fraud reporting centre. People should also be vigilant to unsolicited calls asking for personal data or passwords, the firm said, adding it would never call to ask for bank details.
:: What kind of attack was it, and when did it happen?
The attack took place on Wednesday and the company said it took its website down when it noticed “unusual activity” on its website. The internet provider said it did so in an “effort to protect data”. Digital security expert Benjamin Harris, from MWR InfoSecurity, suggested a denial of service attack, which sees hackers block access to a site, would not have led to personal data being compromised. But he said it was possible an attack on a website could gain access to data through links allowing customers to update their details.
:: Who’s behind the breach?
It is unclear at the moment. Scotland Yard’s cyber crime unit has launched an investigation to establish what happened, how much data has been breached and the source of the attack.
:: Why was TalkTalk targeted?
As a broadband and mobile phone provider to four million customers, TalkTalk would be required to store large amounts of personal data. It is the third time this year they have fallen prey to a data breach. In August the company revealed its mobile sales site was hit by a “sophisticated and co-ordinated cyber attack” in which personal data was breached by criminals, while in February customers were warned about scammers who managed to steal thousands of account numbers and names from the company’s computers. But the company points out it is not the only victim, saying the latest attack “is by no means an isolated incident”.
In an FAQ it added: “Barely a week goes by now without cyber-criminals using increasingly hostile and sophisticated methods to target companies that do business online. It’s not just companies like TalkTalk that are being targeted, banks, retailers like Apple and even the US government have been victims.”