UK police investigating "significant and sustained cyberattack" on TalkTalk website [Update]

TalkTalk is one of the largest providers of telephony, broadband and pay-TV services in the UK, serving consumers and businesses all over the country. However, the company has revealed that "a significant and sustained cyberattack" took place on its website yesterday - and it acknowledges that personal information and customer banking details "may have been accessed".

TalkTalk says that London's Metropolitan Police Cyber Crime Unit has launched a criminal investigation into the attack, and they are working together "to establish exactly what happened and the extent of any information accessed". However, the company concedes that the following details may have been compromised in the security breach:

  • Names
  • Addresses
  • Dates of birth
  • Email addresses
  • Telephone numbers
  • TalkTalk account information
  • Credit card details and/or bank details

TalkTalk says that it is contacting its customers directly to let them know of the incident, adding that it has "taken all necessary measures to secure our website following the attack". It has also contacted major UK banks, which it says "will be monitoring for any suspicious activity" on its customers' accounts.

The company also advises that customers closely monitor their accounts to look out for any unexpected transactions.

Source: TalkTalk

UPDATE - 12:30pm, Oct 23, 2015: TalkTalk CEO Dido Harding has told BBC News that she has received an email demanding a ransom, from a group claiming to be responsible for the attack: "All I can say is that I had personally received a contact from someone purporting - as I say I don't know whether they are or are not - to be the hacker looking for money."

Meanwhile, details are emerging of how TalkTalk stored its customer data - and so far, it's not a pretty story:

TalkTalk admits that it didn’t encrypt all customer data, but it now appears credit card/bank details weren't secured. Christ.

— Matt Brian (@m4tt) October 23, 2015

...and there are also indications of how the attack was carried out:

Now seems TalkTalk attack was DDoS followed by SQL injection - one expert tells me it's "disappointing" they fell victim to this technique

— Rory Cellan-Jones (@BBCRoryCJ) October 23, 2015
