UK ISP TalkTalk could potentially be put out of business by compensation claims following the recent hack that compromised unencrypted user data. While TalkTalk admitted that it was a victim to a cyberattack last Thursday (22nd October), and has since claimed that it was not as serious as first feared, there is evidence to suggest that the company not only knew about the hack a week before revealing it and tried to cover it up, but that customers had received fraudulent phonecalls from parties that knew personal information as early as 16th October.
According to the Daily Star, city lawyers are drawing up compensation claims on behalf of thousands of customers, to the tune of around £1,000 each, which could cost TalkTalk up to £75 million, with further cases sure to follow.
“This is the Great Train Robbery of the 21st Century.,” Former Met Police detective and private security adviser Adrian Culley said. “There is a potentially huge liability for TalkTalk. Compensation payments could put them out of business.”
Meanwhile, TalkTalk CEO Dido Harding has claimed that it was not “legally required” to encrypt user data. Talking to The Sunday Times (paywalled content via Ars Technica), Harding said, “[Our data] wasn’t encrypted, nor are you legally required to encrypt it. We have complied with all of our legal obligations in terms of storing of financial information.” Giving your customers the finger isn’t illegal, either, but both demonstrate contempt for consumers, as does “leaving the backdoor open” for hackers to exploit.
Image courtesy of The Drum.