Home / Tech News / Featured Announcement / TalkTalk misinformed almost 4,500 customers affected by 2015 hack

TalkTalk misinformed almost 4,500 customers affected by 2015 hack

Almost four years ago, UK ISP ‘TalkTalk’ suffered a major data breach, as a small group of hackers wormed their way into the company’s systems and obtained personal information and bank account details for thousands of customers. The people responsible have since been arrested and TalkTalk was fined £400,000 for poor security practices. Now, the hack is back to haunt them, as it turns out they didn’t properly inform customers that their details were leaked.

The BBC’s Watchdog investigation claims that 4,545 TalkTalk customers were told that they weren’t impacted by the 2015 data breach, which later turned out to be untrue. That means these customers had their full names, addresses, email addresses, dates of birth, customer numbers, phone numbers freely available online, increasing the risk of identity fraud.

TalkTalk told the BBC that this was a case of human error and that misinformed customers have since been contacted to apologise.

David Emm, principal security researcher at Kaspersky Lab UK, has labelled this as “a reminder that online providers not only have a duty of care to secure their customers’, but also to inform them in a timely manner if their data has been compromised”.

“Cybercriminals will never stop trying to compromise systems to obtain valuable information, such as personal customer data, – including personal details, payment card information and other valuable data that can be used for criminal purposes. Businesses should take a step back and re-evaluate their security strategy regularly, to ensure that their security strategy remains effective.”

The TalkTalk hack came to light in October 2015 and impacted close to 157,000 customers in total. The company was already fined £400,000 for poor security practices. Currently, there is no word on an additional fine based on misinforming at risk customers.

KitGuru Says: It is one thing to suffer from a data breach, but misinforming customers that were affected makes matters much worse. Hopefully, this will serve as another reminder to UK companies that they should have proper security procedures in place, in addition to a plan of action to inform customers swiftly if a breach does occur.

Become a Patron!

Check Also

AMD Special Edition – Leo Says Episode 39

The last few weeks in the computing world have been dominated by AMD - the company stole the show at Computex with its Ryzen 3000 processors and accompanying X570 motherboards, while at E3 we got our first looking at the upcoming RX 5700 graphics cards. You can bet our grumpy hero, Mr Leo Waldock, has a lot to say on these two topics, so here he is with an AMD Special Edition of 'Leo Says'.