TalkTalk (the UK’s largest broadband and mobile phone service provider) may have suffered one of the biggest cyber breaches in history.
According to some reports, millions could be affected: the company currently has roughly 4 million customers across the UK, and their personal and financial data is at stake.
The company is still investigating how much data was breached, so it is too early to say how many of the 4 million customers are actually affected. One thing is confirmed, though: the data is very sensitive and includes credit card and bank account details, names, addresses, dates of birth, email addresses and telephone numbers. A message from the hackers along with non-sensitive details can be seen here (Pastebin link).
The company has announced that customers must keep an eye on every activity that takes place on their accounts and, if they find anything suspicious, report it to the UK fraud reporting centre.
Furthermore, anyone who receives a call asking for personal data or passwords must report it to the UK fraud centre. TalkTalk CEO Dido Harding told the BBC that she has been receiving ransom demands from hackers who claim they hacked the company’s database.
It all began on Wednesday when company officials saw unusual activity on their website and took the website offline.
Security experts believe this may not be a DDoS attack, because a DDoS attack cannot compromise customer data. However, the data may be accessible through links that allow consumer data to be updated.
Now seems TalkTalk attack was DDoS followed by SQL injection – one expert tells me it's "disappointing" they fell victim to this technique
— Rory Cellan-Jones (@ruskin147) October 23, 2015
It is still unclear who breached the website’s security: the investigation is still under way and no arrests have been made yet, but the Metropolitan Police is clearly determined to find the hackers.
TalkTalk has been on the hackers’ radar, however, as this is the third time the site has been breached this year.
In August, the company’s mobile sales site was attacked, and a lot of customer data was exposed in that attack as well.
In February, the company issued a warning about spammers and hackers stealing data from the company’s computers.
The company denied both breaches, calling them just a precaution, but it has certainly been in the mix since the start of the year.
UPDATE:
TalkTalk has posted an update on their site confirming that the Metropolitan Police has arrested a suspect in connection with the cyber attack on their website on 21st October 2015.
BBC
TalkTalk