1. Home
  2. News
  3. Five things we've learned since the TalkTalk data...

Five things we've learned since the TalkTalk data hack

Wednesday, November 4th 2015 by Phil Wilkinson-Jones

Since the cyber attack on TalkTalk’s website on 21 October, both the provider itself and police have been working to establish exactly what happened and how much data was stolen.

TalkTalk revealed last week that up to 21,000 unique bank accounts and sort codes, 28,000 obscured credit and debit card details, 15,000 customer dates of birth and 1.2m customer email addresses, names and phone numbers had been accessed.

The company said this was “significantly less than originally suspected” and ensured customers it was doing everything it could to investigate and remedy the situation.

But what else have we learned since the attack?

1. Investigations take time

Police yesterday arrested a fourth person in connection with the cyber attack. The 16-year-old boy, who was arrested at an address in Norwich on suspicion of offences under the Computer Misuse Act, has been bailed to a date in late March 2016.

A 20-year-old man arrested in Staffordshire, a 16-year-old boy arrested in Feltham, London, and a 15-year-old boy from County Antrim, Northern Ireland, have all also been bailed.

Detectives from the Metropolitan Police Cyber Crime Unit are continuing to investigate alongside officers from the National Crime Agency and the Police Service of Northern Ireland’s Cyber Crime Centre, while MPs have launched an inquiry into cyber security following the attack.

The Culture, Media and Sport Committee is welcoming written submissions on areas including security measures, encryption, and redress and compensation until 23 November, and will hear evidence later this month.

Chairman Jesse Norman said: "The recent events have highlighted serious issues relating both to existing cyber-security and the response to cyber-crime.

"This committee is concerned with the attacks on TalkTalk specifically as a telecoms and internet service provider, but with the recent move of the Information Commissioner’s Office to DCMS, we will also be looking more widely at the security of personal information online."

2. Customers should be wary of scam calls

It's not necessarily the data breach itself that will cause the damage, but what criminals do with the information when they get their hands on it.

In the weeks and months following a previous attack – in which personal information was stolen from company computers – scammers used customers’ names, addresses, phone numbers and TalkTalk account numbers to trick people into handing over their bank details or installing software that made their computers vulnerable to attack.

Earlier this year 74-year-old TalkTalk customer Julie Norton told Cable.co.uk she was scammed out of nearly £3,000 after her personal information was stolen.

Since the latest data breach, TalkTalk customers have reported receiving suspected scam calls from people claiming to work for the provider, but at this point it is unknown whether the information used to make these calls was taken in the latest attack.

3. There could be a mass exodus from TalkTalk

The latest breach is the third suffered by TalkTalk in less than 12 months, leading to concerns by many customers that it just can't keep their personal details safe.

But the provider said it will only waive contract termination fees in the "unlikely event" that money is stolen from a customer's bank account as a direct result of the attack.

Its approach has prompted many customers to vent their anger on social media.

4. There may be a way for customers to exit their contracts early

Legal expert John Deane, from solicitors Slater and Gordon, said that TalkTalk customers may be able to leave their contracts early if they can prove the company seriously breached the terms of its contract.

He said the provider had failed to honour its contractual promises to customers by allowing their personal data to be shared without their consent.

Jon Baines, chairman of the National Association of Data Protection Officers, told Cable.co.uk there is also the potential for legal claims by customers under the Data Protection Act.

5. TalkTalk aren’t the only company to have been hit by hackers

TalkTalk CEO Dido Harding has said that cyber criminals are becoming increasingly sophisticated and warned that other UK companies are under threat from cyber crime.

On Saturday, Vodafone revealed that the names, mobile numbers and bank details of 1,827 customers could have been hacked.

A spokesperson for the company said criminals acquired the information from “an unknown source external to Vodafone”, adding that Vodafone’s internal systems were not compromised or breached in any way.

The provider has started an investigation into the incident and has informed the National Crime Agency, Ofcom and the Information Commissioner’s Office.

Related links

Why do we need your postcode?

Once you enter your postcode, Cable.co.uk will perform a live lookup and check all the available providers in your area.

This ensures you receive accurate information on the availability of providers and packages in your area.

Your information is safe with us. We won't share your postcode with anyone. Guaranteed.