Telecoms operator TalkTalk has been hit by what has been described by police as a “significant”, attack on its website, resulting in the potential leaking of banking and personal data for some or all of the company's four million customers around the UK. While police and online-crime divisions are investigating the attack, so far no arrests have been made and TalkTalk is still trying to come to terms with how bad the breach may have been.
In the mean time, TalkTalk has published a list of information that may have been accessed by those responsible. It's rather exhaustive, covering everything from names, addresses and dates of birth, right through to account information and credit and banking details. While the telecoms provider did state that some of the more high-risk personal data was encrypted, not all of it was.
As expected this has a lot of customers worried and it will likely see some move on to TalkTalk competitors even if it is too late to save their data. This outlook was reflected in the company share prices which dropped 10 per cent in the hours after the news broke (via BBC).
The latest news is that a ransom notice was sent to Talk Talk on behalf of a group claiming responsibility for the hack. Presumably it is demanding payment in return for not publishing customer information, though neither TalkTalk or the police have revealed much in the way of details.
We're working to restore My Account as quickly as possible. You don’t need to change your password until it is restored. More info to follow
— TalkTalk (@TalkTalk) October 23, 2015
For now TalkTalk is recommending all customers change their password on the TalkTalk site (when it's back up) and anywhere else they may have reused that same information.
KitGuru Says: I wonder if this is at all related to the DDOS ransom attacks we saw against several UK tech retailers in the past few days?