Graham Cluley writes:
Hackers have stolen the personal details of thousands of TalKTalk customers, and – in some cases – used them to scam further information such as sensitive banking information.
Yesterday, UK broadband and phone operator TalkTalk emailed customers to tell them that an investigation had uncovered that there had been a significant data breach involving a third party contractor which had legitimate access to customer account details.
Read more on GrahamCluley.com.
From TalkTalk’s FAQ on the breach, which, as Graham notes, is all-too-buried and difficult to find:
The data that was accessed was names, home addresses, phone numbers and TalkTalk account numbers, but please rest assured no financial data such as bank or credit card details, or dates of birth were taken as this is encrypted on our system. We believe that the scammers may be using the information they have illegally obtained to trick people into thinking they are genuine TalkTalk callers, and encouraging them to hand over more detailed information, such as their bank details.
We take our customers’ security incredibly seriously, so this is being dealt with at the highest level within TalkTalk and we have put every possible measure in place to try and stop this from happening again. In the meantime, we would please ask you to take extra care when anyone rings or emails you claiming to be from TalkTalk. We also have a range of privacy features that come as standard, just for our customers, including our unique HomeSafe nuisance call reporting service. TalkTalk is the only provider to offer all these for free, simply visit Privacy Features to learn more.
And then there’s the “We take our customers’ security incredibly seriously” line. Not just “very seriously,” but “incredibly seriously.” Which is why they did not give their customers a heads up back in December when they first had reason to suspect a breach?
And what are they doing to assist customers who have become victims of scammers because TalkTalk was not more forthcoming about having had a breach?