
TalkTalk hack ‘only’ affected 157,000 customers

2015-11-06 12:55

Things at TalkTalk are bad. Real bad. But not quite as bad as first thought.

I am of course referring to the news that ‘only’ 157,000 customer records were accessed during the recent breach, not the incident management/response which was just… bad.

According to figures published by the BBC earlier today, some 156,959 customers had their personal information accessed – which is a somewhat lower figure than the 4 million or so that was suggested when news of the hack first came to light.

Not all of those customers saw their financial details exposed though – the number of bank account numbers and sort codes swiped came in at a ‘mere’ 15,656.

TalkTalk said 28,000 credit and debit card numbers stolen during the attack were essentially useless to those behind the breach as they had been “obscured” and were therefore unable to be used to initiate any type of financial transaction.

The company said anyone whose financial info had been exposed had already been contacted, and other affected customers would hear from TalkTalk in short order.

Having previously confirmed that usernames, addresses, dates of birth, email addresses and telephone numbers had been swiped, the company confirmed that around 4% of its userbase had at least some sensitive data at risk.

In addition to all the bad publicity garnered since the attack, the BBC also revealed another blow for the company, stating that TalkTalk shares had lost around a third of their value since the initial attack on 21 October.

Whether that will be a long-term concern for the leadership of the telecoms firm is debatable – I cannot find the relevant tweet right now, but Neira Jones has previously said that stock prices often bounce back quite strongly once the news of a breach starts to recede from people’s memories.

Whether that will be the case with TalkTalk or not remains to be seen and, in my opinion, will largely be affected by CEO Dido Harding’s performances in the coming weeks.

Meanwhile four people aged between 15 and 20 remain on police bail, having been arrested under the Computer Misuse Act.

The alleged motives of the youngsters, who of course remain innocent unless proven otherwise, are still unclear, though the Daily Mail has today had a stab at adding some flesh to one hypothesis, saying that up to 25 fun-seeking hackers had their mitts on customer data in the wake of the attack.

Citing Channel 4 News, the online paper quoted one hacker who apparently said:

It was in a Skype group call…with a lot of laughing and making fun of TalkTalk.
There was no group, it was just a few friends laughing about a company with bad security. It’s fun for us.

Responding to the program, in which one hacker claimed to have been rebuffed by an uninterested TalkTalk when explaining its security issues, a spokesman for the company gave the stock post-breach response that the company was taking the issues very seriously before adding that it was co-operating fully with police.

The spokesman then sprinkled what I would describe as a pinch of scorn on the Channel 4 report by saying “the information included in this report has not been verified and is in some respects materially inaccurate.”


Source: 4682=p?/hctawytiruces/ei.gnitlusnochb
