TalkTalk, one of UK’s biggest telecoms, has suffered a “significant and sustained cyberattack” on their website, and it’s possible that personal and financial information of some 4 million of the company’s customers in the UK has been compromised as a result.
The potentially compromised data includes names, addresses, dates of birth, email addresses, telephone numbers, TalkTalk account information, credit card details and/or bank details. “Not all of the data was encrypted,” the company noted in the alert.
The website was attacked on Wednesday 21st October, and as soon as they realized what was going on, they pulled the website down in an effort to protect data.
“We work with world leading security experts and believed our systems were as secure as they could be,” the company said. “Unfortunately these criminals are very smart and their attacks are becoming ever more sophisticated.”
TalkTalk has immediately begun notifying potentially affected users of the potential breach and offering advice on what to do, and has called in the Metropolitan Police’s Cyber Crime Unit to investigate. The UK Information Commissioner’s Office has also been appraised of the situation.
The company didn’t share any details about what methods the attackers used.
“They can’t take money from your bank account, but there is a risk they might use the data for identity fraud,” they pointed out to affected users, urging them to be vigilant and keep an eye on their accounts over the next few months, to be wary of phishing attacks aimed at collecting more personal data, passwords or bank details (e.g. for refunds), and to check their credit report.
The company is working on organizing a year’s free credit monitoring for all customers, and has contacted major banks so that they could monitor TalkTalk customers’ accounts for suspicious activity.
Benjamin Harris, Managing Security Consultant of MWR InfoSecurity added additional advice to customers, but also to organizations generally that may be targets to this type of cyber attack:
“As always when there is a concern that payment data may have been breached, consumers should pay attention to transactions made on their debit and credit cards and report any suspected fraudulent transactions to their card issuer. Being proactive will help to limit any damage caused by exposure of credit card information, however if consumers are heavily concerned about the confidentiality of their debit or credit card, it is recommended that they contact their card issuer to provision replacement cards, thus invalidating the previous credit or debit card used.
“It appears that TalkTalk have been proactive in this instance, and have done the correct things by issuing a public statement and involving the relevant authorities, allowing the attack to be investigated and thus limit any further damage.
“Incident response is a necessity for most organizations. In this case, it is important that organizations are both proactive and honest about any security breaches, and that they enlist the correct help from the outset. Identifying the attack mechanism is an important step in mitigating the risk, and pre-emptive actions (such as immediately destroying an infected machine) could lose vital evidence that would be useful in identifying the actual impact.
“Organizations should also regularly test their incident response plans. For example, logging and monitoring systems may not be regularly inspected. Realizing that a log collation server has not been working for months and has not recorded information relating to a breach can be very frustrating, and these issues can be avoided with regular inspection.