TalkTalk Boss Argues ‘Customers Think We’re Doing Right Thing After Attack’

The TalkTalk cyberattack raised serious security questions about the company’s ability to properly encrypt sensitive customer information. Despite the negative publicity and widespread outrage, TalkTalk chief executive Dido Harding claims the:

“majority of customers support our approach”.

She also alluded to:

“Very early indications that customers think that we’re doing the right thing”.

“The cyber attack, while not wishing to diminish it, has been smaller than we thought,”

However, the response on Twitter is quite hostile and clearly shows how frustrated customers are:

https://twitter.com/HarringtonC0/status/664130728263839744

To be fair, Twitter isn’t the most accurate basis for judging mass opinion and usually revolves around the angry minority. However, in this case, I think TalkTalk’s arrogant management really is underestimating the scale of this problem and how damaging it’s been from a PR perspective. Harding weighed in on the company’s future and said the ISP is:

“very confident in the medium term future of TalkTalk”.

“Yesterday’s security might have been good enough but it’s not going to be good enough tomorrow,”

“I expect we will take security considerably more seriously than ever.”

I honestly think customers are struggling to take these promises seriously and there’s a great deal of apprehension regarding network security. The company claims many people decided not to cancel their contract, although this might be because leaving their current contract leads to hefty fines. Additionally, a large quantity of TalkTalk’s audience doesn’t feel comfortable switching providers and needs the assistance of someone technically minded. Whatever the case, the cyberattack has dramatically altered people’s perceptions of TalkTalk and I can’t see that changing anytime soon.

TalkTalk Warned of Possible Data Breach in 2013

The data breach of TalkTalk customer information raised a number of serious questions about the company’s security and encryption measures. Embarrassingly, it appears to be the work of a 15-year-old boy, and customers are livid as new information suggests the poor security was known as early as 2013! According to The Guardian, TalkTalk’s chief executive’s office was warned of a data breach in July 2013.

One customer, Keith Aldridge, subscribed to TalkTalk’s phone and broadband service in 2013, and lost £110 as part of a data scam. He said:

“The fraudsters called me on my brand new landline, on a new number that I had been given as part of the switch. It was so new that I had only passed it on to two family members, and yet the fraudsters had that number – and knew all about the technical problems I had had,”

“In my view the company did not address it in anything approaching an adequate manner. Perhaps if they had done so there might not have been these newer issues,” 

The scammer contacted Aldridge’s new TalkTalk landline and pretended to be from the company. It’s pretty startling how quickly his details were accessed by a fraudulent individual, but this wasn’t taken seriously by TalkTalk’s management. They didn’t deem it to be a credible risk and drastically underestimated the scale of their network security flaws. Now that we are beginning to hear about past mistakes, it doesn’t help TalkTalk’s reputation and makes them appear pretty reckless.

Schoolboy in TalkTalk Arrest Plans to Sue Newspapers Over Privacy Concerns

The TalkTalk data breach was allegedly masterminded by a 15-year-old schoolboy in County Antrim which caused a great deal of embarrassment and raised questions about TalkTalk’s encryption. Senior staff at TalkTalk believed the DDOS attack to be the work of a cyber-criminal gang or state-sponsored hack. Once the media had been told of the schoolboy’s arrest, various stories were published about his behavior and secluded lifestyle. Some outlets even published a picture of the young boy, with his face slightly covered.

Given the nature of these stories, the schoolboy believes he has a legal case against them with regard to privacy intrusion. He intends to sue three leading newspapers: The Daily Telegraph, The Daily Mail and The Sun. Additionally, according to RTE News, the boy’s lawyers have commenced proceedings against Google and Twitter.

This is an interesting turn of events as there is a legal case when you consider the misuse of private information. However, it’s unknown if this is allowed due to the free press reporting on a serious news issue. The legal proceedings will begin next month and rest assured, we will keep you up to date with all the latest information.

Do you think the press breached this young boy’s privacy?

TalkTalk Hackers Only Accessed a Small Percentage of Data

Since the cyber attack on Internet Service Provider (ISP) TalkTalk on October 21st, it has been revealed that the hacker(s) have only been able to access 4% of sensitive customer details. I say “only” loosely, as even a single customer’s details being revealed is bad enough.

The BBC has reported that 156,959 customers had personal data accessed, of which 43,656 had payment details accessed, but approximately 28,000 credit and debit card details were obscured beyond use to any hacker for financial transactions.

TalkTalk has already contacted a large number of affected customers and the remaining customers will be contacted “within the coming days”. The firm and other data security firms have advised all customers to keep monitoring their email and bank accounts for any suspicious activity and to report it to their bank, TalkTalk and, in extreme cases, the police.

Take a look at this video shared by the BBC Twitter account of a scammer trying to con a customer. Most banks would have been informed to monitor customers’ accounts themselves, but you could take extra measures such as taking out a subscription to credit freezing subscriptions offered by Expedia which will not only freeze your credit score, but also inform you of fraudulent activity.

Has the hack impacted you or someone you know? Let us know what security measures have been taken in the comments.

TalkTalk Could be Put Out of Business by Compensation Claims

UK ISP TalkTalk could potentially be put out of business by compensation claims following the recent hack that compromised unencrypted user data. While TalkTalk admitted that it was the victim of a cyberattack last Thursday (22nd October), and has since claimed that it was not as serious as first feared, there is evidence to suggest that the company not only knew about the hack a week before revealing it and tried to cover it up, but that customers had received fraudulent phone calls from parties that knew personal information as early as 16th October.

According to the Daily Star, city lawyers are drawing up compensation claims on behalf of thousands of customers, to the tune of around £1,000 each, which could cost TalkTalk up to £75 million, with further cases sure to follow.

“This is the Great Train Robbery of the 21st Century,” former Met Police detective and private security adviser Adrian Culley said. “There is a potentially huge liability for TalkTalk. Compensation payments could put them out of business.”

Meanwhile, TalkTalk CEO Dido Harding has claimed that it was not “legally required” to encrypt user data. Talking to The Sunday Times (paywalled content via Ars Technica), Harding said, “[Our data] wasn’t encrypted, nor are you legally required to encrypt it. We have complied with all of our legal obligations in terms of storing of financial information.” Giving your customers the finger isn’t illegal, either, but both demonstrate contempt for consumers, as does “leaving the backdoor open” for hackers to exploit.

Image courtesy of The Drum.

TalkTalk Allegedly Knew About Hack a Week Ago and Tried to Cover It Up

While TalkTalk publicly admitted on Thursday night (22nd October) to its servers being hacked – “a significant and sustained cyberattack,” in its own words – the UK internet service provider is accused of knowing about the hack for up to a week before revealing it, and of trying to cover it up.

According to reports in The Telegraph, TalkTalk customers experienced attacks on their home computers and phone calls from scammers who knew their names and account details the week before the company made an official statement regarding the hack.

“Someone rang up on Monday claiming to be from TalkTalk and they had all my account details,” Mr Walter, a Senior Analytics Director for Moodys and TalkTalk customer, told The Telegraph. “My partner gave them remote access to our laptop before realising it was a scam, and pulling the plug. But a virus had already been put on the computer and it’s going to cost time and money to sort out. I think TalkTalk’s actions have shown extremely poor regard for their customers, and a failure to encrypt the data was sloppy in the extreme.”

“I have received two phone calls – one last Friday, the 16th, and then again this Tuesday,” another customer, Jeremy Cotgrove, revealed. “Both sounded dodgy, a delay on the line and someone speaking very poor English. I just put the phone down as it did not sound kosher.”

Keith Vaz, the Labour Member of Parliament for Leicester East and Chairman of the Home Affairs Select Committee, said that there was emerging evidence to support the assertion that TalkTalk had tried to hide the scale of the crime. “Suggestions that TalkTalk has covered up both the scale and duration of this attack are alarming and unacceptable and must be thoroughly investigated,” Vaz added.

The attackers, who used a simple SQL Injection to access the servers – described as the equivalent of TalkTalk “leaving the backdoor open” – have purportedly sent a ransom e-mail to CEO Baroness Harding of Winscombe, the Conservative Peer professionally known as Dido Harding, who also admitted that some sensitive user data had not been encrypted.

Image courtesy of The Drum.

TalkTalk “Left the Door Unlocked” For Hackers

On Thursday night, UK ISP TalkTalk fell victim to a massive hack on its servers, during which unencrypted user data, including credit and debit card details, may have been stolen. TalkTalk CEO Dido Harding – or Baroness Harding of Winscombe as she’s known in her role as Conservative Peer and Non-Executive Director of the Bank of England – has confirmed that parties claiming to be responsible for the hack have attempted to blackmail the company, bemoaning the emergence of “cyber-criminals” to the BBC yesterday.

It seems, though, that TalkTalk needs to take its share of responsibility for the hack, since the technique used was rudimentary and more than 15 years old. According to developer Tim Almond, the hackers used an SQL injection to compromise TalkTalk’s servers, the application of which is “like leaving a door unlocked in an office building” on the part of the ISP.

“It was using a technique called a SQL Injection attack,” Almond says. “Without going into detail of how it works, this is a very well-known and in computing years, a very old attack. I first had it explained to me in the early part of the 2000s.”

To make it clear that TalkTalk was negligent in not protecting against such an attack (let alone not encrypting user data), Almond says, “Many people wouldn’t even think of trying it because they wouldn’t expect a large website to miss it,” adding, “if you have good security policies, SQL Injection attacks shouldn’t be a problem.”

TalkTalk CEO Received Ransom E-Mail Following Hack

Following last night’s cyber-attack on UK internet service provider TalkTalk, the company’s Chief Executive has revealed that she personally received a ransom e-mail, purportedly from the parties responsible. CEO Dido Harding admits that she does not know if the e-mail is genuine, but it has been passed on to police and will form part of the investigation into the perpetrators.

“It is hard for me to give you very much detail, but yes, we have been contacted by, I don’t know whether it is an individual or a group, purporting to be the hacker,” Harding told the BBC. When asked if the ransomers wanted paying, she responded, “It is a live criminal investigation […] All I can say is that I had personally received a contact from someone purporting – as I say I don’t know whether they are or are not – to be the hacker looking for money.”

“I’m very sorry for all the frustration, worry and concern this will inevitably be causing all of our customers,” Harding added.

Adrian Culley, former Scotland Yard detective turned cyber security consultant, told the Today programme on BBC Radio 4 that a Russian Islamist group had taken responsibility for the attack.

In a statement, TalkTalk admitted that not all of the user data it stores had been encrypted, and that the data at risk could include:

  • Names and addresses
  • Dates of birth
  • Email addresses
  • Telephone numbers
  • TalkTalk account information
  • Credit card and bank details

Are you a TalkTalk customer? Are you concerned about your details falling into the wrong hands? And are you considering changing your ISP in the wake of this hack?

Image courtesy of TalkTalk

TalkTalk Website Struck by Cyber-Attack

The Metropolitan Police Cyber Crime unit has launched an investigation after the major UK internet and phone provider was hit by a “significant and sustained cyberattack” on Wednesday. The full extent of the attack is currently unclear; however, TalkTalk has released a guide with more information on the attack and advises its customers to be aware that some data may have been leaked. Alarmingly, this list includes credit card and bank details, which, when correlated with other potentially leaked account details such as names and email addresses, could expose many of TalkTalk’s 4 million strong customer base to unauthorized access to finances and other identity fraud.

This isn’t the first time this year that TalkTalk has been affected by a cyber attack resulting in theft of customer data: its associated firm Carphone Warehouse was the target of an attack that resulted in close to half a million TalkTalk Mobile customers being affected.

All of this is bad news for TalkTalk, which is already struggling with poor customer satisfaction, its Broadband division scoring only 48% in Which? magazine’s latest customer satisfaction survey. And while TalkTalk now assure customers their site is once again secure, the recurring leaks of data by the company are sure to hurt trust with their customers.

Are you a TalkTalk customer who has been affected by these attacks and are you concerned about the security of your details with the company in future? Let us know in the comments below and remember to check out TalkTalk’s advice on the incident.

Ebook Piracy Sites to Be Blocked by UK ISPs

Yesterday, the UK’s High Court ordered that websites carrying pirated ebooks should be blocked by the country’s internet service providers. The court granted an application made by The Publishers Association for the sites to be blocked under Section 97A of the Copyright, Designs and Patents Act (1988). Within the next 10 days, BT, Virgin Media, Sky, TalkTalk, and EE will be legally obliged to block any and all sites deemed to be carrying copyrighted reading materials.

Richard Mollet, Chief Executive of The Publishers Association, said of the victory:

“A third of publisher revenues now come from digital sales but unfortunately this rise in the digital market has brought with it a growth in online infringement. Our members need to be able to protect their authors’ works from such illegal activity; writers need to be paid and publishers need to be able to continue to innovate and invest in new talent and material.

“We are very pleased that the High Court has granted this order and, in doing so, recognises the damage being inflicted on UK publishers and authors by these infringing websites.”

Much like the MPAA, it seems that The Publishers Association hasn’t heard of proxies or VPNs, and I would not be surprised to discover that the cost of this legal action was more than any offset loss of sales through piracy by publishers.

Thank you The Publishers Association for providing us with this information.

TalkTalk Forces Porn Filter on Customers

UK ISP TalkTalk is activating an adult content filter by default for all its users, thanks to prompting by tech-illiterate Prime Minister David Cameron. Under TalkTalk’s HomeSafe system, any website deemed to be hosting adult content will be blocked, unless users opt out.

According to Alex Birtles, writing on the TalkTalk blog, auto-on content policing is for the user’s “peace of mind” and is “helping families stay safe online”. Birtles then writes, “We pre-tick the ‘on’ option, but it’s the customer’s choice”.

The Open Rights Group (ORG), however, contests the idea that content filtering benefits the public. Jim Killock, executive director of ORG, told the BBC, “Censorship should never be turned on by default.”

He added, “Filters block all kinds of websites, including some that provide useful advice to children and young people,” referring to instances of abused children being blocked from websites such as childline.org and samaritans.org by supposed adult content filters.

Source: BBC

Three Beat Sky and TalkTalk to £10.25 Billion Purchase of O2

Hutchison Whampoa, the Hong Kong-based owner of UK mobile network Three, has confirmed its purchase of rival network O2 from Spanish telecoms company Telefonica for £10.25 billion.

Hutchison has trumped both Sky and TalkTalk to complete the deal, which as agreed requires £9.25 billion up-front from Hutchison, with a further £1 billion deferred payment, making Three and O2 combined the biggest mobile operator in the UK, taking a 41% share of the market.

“The deal remains subject to satisfactory due diligence over O2 UK, agreement on terms, signing of definitive agreements, and obtaining required corporate and regulatory approvals,” a spokesperson for Hutchison Whampoa said.

Telefonica was desperate to sell O2 in order to pay off its existing debts, but managed to get £1 billion more for the company than early reports suggested.

Source: The Guardian

Sky and TalkTalk Compete With Three for O2 Purchase

Until this week, Hutchison Whampoa, owner of the Three mobile network in the UK, was thought to be in pole position to buy rival network O2 from Telefonica. But now, Sky and TalkTalk have entered the fray, with Telefonica eager to sell its asset for £9 billion to pay off existing debts.

Sky and TalkTalk, both major UK providers of broadband services, are eager to expand into the mobile communications sector, with TalkTalk already engaged in a partnership deal with the Vodafone network, and running its own small network hosted by O2. Financial Times sources claim that Sky, carrying a large debt after a £7 billion European expansion, is thought to prefer a partnership deal with O2, rather than an outright buy-out.

BT is not considered to be interested in O2 since its £12.5 billion takeover of EE.

Source: Wired

TalkTalk Buys Blinkbox and Tesco Broadband for £5m

UK internet service provider TalkTalk has confirmed the purchase of Tesco’s loss-making video streaming service Blinkbox, in a deal that includes 75,000 Tesco broadband customers and 20,000 landline customers, for £5 million. TalkTalk have acquired none of the debt accrued by the struggling video-on-demand business.

Blinkbox co-founder Adrian Letts has been made Managing Director of TalkTalk’s TV service as part of the deal.

Dido Harding, Chief Executive of TalkTalk, said of the move, “Since launch, TalkTalk TV has demonstrated its popularity with value-seeking customers to become the UK’s fastest growing TV service.”

“We are excited about the opportunity that Blinkbox’s platform and technology expertise bring, and which will significantly accelerate the development of our TV platform. The purchase of Tesco’s broadband base is another example of TalkTalk leveraging its national network to grow faster.”

Source: The Guardian

UK ISPs Hijacking Browsers to Force Porn Block on Customers

In order to comply with UK legislation by the deadline at the end of December, UK ISPs – including Virgin Media, BT, TalkTalk, and Sky – have been redirecting users’ web connections to force them to choose to opt in or out of adult content blocks.

The browser redirects to a permission page, where the user must choose ‘yes’ or ‘no’ to the many blocks – designed to censor content including pornography, violence, and gambling – before they are allowed to continue to the desired site. BT is even stopping all internet access to customers until they make a decision.

The controversial legislation, foisted on the country by Prime Minister David Cameron, is meant to usher in a “family friendly” internet experience, taking the responsibility for monitoring children’s online activity from the parents and giving it to the Internet Service Providers.

Internet rights groups have described the move as “completely unnecessary” and “heavy handed”. Open Rights Group, a digital rights organisation, has been especially critical, saying, “How can a customer tell the difference between an ISP hijack and a phishing site made to look the same? There are better ways for ISPs to contact their customers—particularly given that they have our phone numbers, email and actual addresses.”

Source: Wired

List of Blocked Torrent Sites in the UK Doubles

The High Court has ruled that 53 torrent websites be prohibited by UK Internet Service Providers, in the largest mass blocking yet. The list of sites includes BitSoup, IP Torrents, Isohunt, Sumotorrent, Torrentdb, Torrentfunk, Torrentz, Warez BB, and Rapid Moviez. The Motion Picture Association (MPA) is responsible for submitting 32 of the requests.

The ISPs obliged to comply with the order are Sky, BT, Everything Everywhere, TalkTalk, O2, and Virgin.

Chris Marcich, president of the MPA’s European division, said, “Securing court orders requiring ISPs to block access to illegal websites is an accepted and legitimate measure to tackle online copyright infringement.”

According to Ernesto Van Der Sar, editor of Torrentfreak, the move will deter very few from accessing their favourite torrent site, explaining, “It deters a few people who can’t access their usual sites, but most people will try to find ones that are not yet blocked or use VPNs or proxy sites to get the same content.”

Source: BBC

Turns out Brits Aren’t Signing up to ISP Filters

ISP filters: you either love them or you hate them. I personally have no use for them, but families with small children do. The numbers are on the decline, with fewer and fewer people wanting this additional protection their ISP has to offer. It really depends on the buyer and what situation they may be in. Like I said previously, some may have families with small children who use the internet for school, and the parents don’t exactly want their small child watching pornography, now do they? On the other hand, there are people like myself, old enough to know what’s good and bad on the internet and will automatically detect a scam or phishing website.

The stats are interesting to read through: only 5 percent of new customers accepted the filter at BT, while 8 percent did so at Sky. About 36 percent of customers signed up for the TalkTalk filter, and 4 percent bought into Virgin Media’s offer. To me this shows that TalkTalk has a lot of customers that live in family households as they have the highest sign up rate for their filter.

The Office of Communications determined that 100 percent of BT, Sky, and TalkTalk customers were immediately informed about the option to add a filter upon activation of their service. Only 35% of customers from Virgin Media were informed about their options regarding a filter.

In the end it all comes down to personal preference and whether or not you trust your kids, if you have any, when they are online but by looking at those results, it seems that British folk just don’t want to know or don’t care much for ISP filters. Can’t blame them really.

Thanks to Venturebeat for supplying us with this information.

Image courtesy of Wired.

The UK is Looking Into Alternate Solutions to Stop Illegal Torrent Downloads

The UK’s biggest internet providers, in collaboration with the government and content creators, are said to be changing the way they deal with people illegally downloading and/or sharing entertainment online. They say that instead of punishing the person, they will be sending out letters in an attempt to ‘educate’ him or her, as well as pointing out legal and comprehensive alternatives.

“We believe people will ultimately pay if they can get what they want, how they want, at a price that’s fair to them.” Virgin Media stated.

The ISPs are said to be teaming up under the Creative Content UK campaign, which includes BT, Sky Broadband, TalkTalk and Virgin Media, as well as entertainment institutions The Motion Picture Association (MPA) and the British Record Music Industry (BPI). A significant multimedia awareness campaign is said to be the first phase, with ISPs then sending out letters to users pirating content. It’s said that people can receive up to four letters per year and nothing will happen if you choose to ignore them.

“Any alert will clearly recognise the account holder may not have engaged in copyright infringement themselves and we will be informative in tone, offering advice on where to find legitimate sources of entertainment content,” said Virgin Media. “At no point will we share any customer information as part of this campaign. By embracing digital, the creative industries can realise significant benefits, reaching millions of people with new and innovative services.”

This looks similar to what Polish developer CD Projekt, The Witcher series’ maker, did a while back. It found alternatives to pirated entertainment by changing its focus from people who don’t want to pay to encouraging people who do.

Thank you Eurogamer for providing us with this information
Image courtesy of Eurogamer