U.K. Internet Provider TalkTalk Hit by Cyberattack
The London Metropolitan Police Cyber Crime Unit launched a criminal investigation following the cyberattack, which was characterized by TalkTalk as “significant and sustained.”
London-based TalkTalk’s CEO Dido Harding was contacted by someone claiming to be responsible for the attack who was seeking payment, the company said. However, as of today, it still wasn’t clear whether the group that had contacted TalkTalk was responsible for the breach or whether their ransom demands were credible.
Some Data Unencrypted
TalkTalk didn’t say how much ransom the hackers demanded. TalkTalk is in the process of contacting its customers directly with details of the attack, as well as putting up an informational Web page. The company shut down its site as soon as it found out that it was under attack. TalkTalk also acknowledged the possibility that data regarding its former customers might have been compromised.
The company said that since Wednesday it has carried out a thorough review of the site with the help of cybercrime specialists and taken measures to secure it.
The data that might have been compromised included names, birth dates, e-mail addresses, phone numbers and bank account details of its 4 million customers, TalkTalk said. The London police cybercrime unit has just started investigating the alleged theft of the data, not all of which was encrypted. No arrests have been made in the case.
TalkTalk also contacted major banks in its service area, which are monitoring the accounts of the company’s customers for suspicious activity. While hackers couldn’t take money from a TalkTalk customer’s bank account, they could use personal data for identity fraud. TalkTalk is offering a year’s free credit monitoring for all its customers and will be contacting customers with the details. It also suggested that all customers change their passwords to the company’s Web site once it’s back online.
Not the First
Wednesday’s attack isn’t the first time TalkTalk has been targeted. Earlier this year, the company confirmed that a hack in late 2014 resulted in stolen names, addresses, phone numbers, and customer account numbers. European officials are planning regulations that would force any company affected by a data breach to inform privacy regulators within three days or potentially face fines.
Two months ago, British mobile phone retailer Carphone Warehouse detected a breach that may have leaked personal details of more than 2 million customers. T-Mobile, Dixons Carphone, and Sony Corp. have also been high-profile targets of cyberattacks in the past year.
TalkTalk provides TV, phone, Internet and mobile services to consumers and businesses in the U.K. The company had sales of 1.8 billion pounds (about $ 2.8 billion) in its past fiscal year. Shares of the company’s stock fell on the British exchange by as much as 11 percent as news of the attack spread.