While TalkTalk publicly admitted on Thursday night (22nd October) to its servers being hacked – “a significant and sustained cyberattack,” in its own words – the UK internet service provider is accused of knowing about the hack for up to a week before revealing it, and of trying to cover it up.
According to reports in The Telegraph, TalkTalk customers experienced attacks on their home computers and phone calls from scammers who knew their names and account details in the week before the company made an official statement regarding the hack.
“Someone rang up on Monday claiming to be from TalkTalk and they had all my account details,” Mr Walter, a Senior Analytics Director for Moody's and TalkTalk customer, told The Telegraph. “My partner gave them remote access to our laptop before realising it was a scam, and pulling the plug. But a virus had already been put on the computer and it’s going to cost time and money to sort out. I think TalkTalk’s actions have shown extremely poor regard for their customers, and a failure to encrypt the data was sloppy in the extreme.”
“I have received two phone calls – one last Friday, the 16th, and then again this Tuesday,” another customer, Jeremy Cotgrove, revealed. “Both sounded dodgy, a delay on the line and someone speaking very poor English. I just put the phone down as it did not sound kosher.”
Keith Vaz, the Labour Member of Parliament for Leicester East and Chairman of the Home Affairs Select Committee, said that there was emerging evidence to support the assertion that TalkTalk had tried to hide the scale of the crime. “Suggestions that TalkTalk has covered up both the scale and duration of this attack are alarming and unacceptable and must be thoroughly investigated,” Vaz added.
The attackers, who used a simple SQL injection to access the servers – described as the equivalent of TalkTalk “leaving the backdoor open” – have purportedly sent a ransom e-mail to CEO Baroness Harding of Winscombe, the Conservative Peer professionally known as Dido Harding, who also admitted that some sensitive user data had not been encrypted.