TalkTalk CEO receives ransom note from alleged cyber-hackers
The bank details of 4 million customers of British ISP TalkTalk may have been exposed following a “significant and sustained” cyber-attack on the firm’s website. A former detective has suggested Islamic extremists could be to blame.
The attack, believed to have occurred on Wednesday, has left TalkTalk customers around the world in fear as the firm admits it does not know how many people have been affected.
Our website was subjected to a significant and sustained #cyberattack. There’s more information here https://t.co/yQK3Q73AjW
— TalkTalk (@TalkTalkCare) October 22, 2015
The telecommunications company said there is a chance personal data including credit card details, email addresses, names, telephone numbers and dates of birth have been accessed by hackers.
This is the third cyber-attack to hit the firm in the past 12 months.
TalkTalk has confessed “not all of the data was encrypted” but it believes its systems are “as secure as they could be.”
‘Disappointed’
TalkTalk customer Amandine said she is “upset” to hear about the cyber-attack.
“I don’t know yet if my details have been stolen for sure. I hope not,” she told RT.
“I’m upset and I hope it won’t affect my internet service too.
“If people are smart enough to hack TalkTalk they are not going to use the data right now and will wait for people to forget about it.”
My identity has been stolen through @TalkTalk_UK. Can't get through to them or fraud squad which I got from @itvnews. Don't know what to do.
— Donna Kinnear (@DonnaMKinnear) October 23, 2015
The London-based customer, who has been with TalkTalk for 6 months, said she is disappointed with the firm for not telling her immediately and for failing to encrypt her data.
“Attacks can happen, we all know that, but I am not sure their crisis communication worked well. I first heard about it over the news.
TalkTalk boss Baroness Harding confirms there'll be no blanket refund of penalty fees for leaving TalkTalk early despite 3 data breaches
— Paul Lewis (@paullewismoney) October 23, 2015
“What a disappointment to see they didn’t even encrypt our personal data.”
TalkTalk customer Sarah, who has been with the provider for 5 years, told RT she feels vulnerable.
“Still no direct email from TalkTalk so having to rely on the news,” she said.
Anyone else still not had an email? #TalkTalk
— Chris (@Poppyblew) October 23, 2015
“I feel vulnerable and, obviously, I’m very concerned. They presumably have every detail about me from TalkTalk. I can’t believe that TalkTalk didn’t encrypt all information.
“I would definitely consider leaving. I chose them over Sky (and Virgin isn’t available in my area). I will definitely explore other options and hope that they would be considered to be in breach of contract.”
'Ransom note'
It has emerged that TalkTalk’s chief executive Dido Harding received a ransom email from someone claiming to be behind the cyber-attack.
Talk Talk confirm they have received a ransom note
— Chris Choi (@Chrisitv) October 23, 2015
BREAKING: #TalkTalk has received a ransom demand
— Kay Burley (@KayBurley) October 23, 2015
Here’s the chief exec of TalkTalk talking about the ransom email https://t.co/EsX0icRlr1 pic.twitter.com/byhkDkeWkL
— James Cook (@JamesLiamCook) October 23, 2015
Speaking to the BBC on Friday, Harding said: “It is hard for me to give you very much detail, but yes, we have been contacted by, I don’t know whether it is an individual or a group, purporting to be the hacker.”
“All I can say is that I had personally received a contact from someone purporting – as I say I don’t know whether they are or are not – to be the hacker looking for money.
Dido Harding, BBC interview: was all the stolen customer data encrypted? “The awful truth is, I don’t know.” #TalkTalk
— Kamal Ahmed (@bbckamal) October 23, 2015
Dido Harding, BBC interview: “With the benefit of hindsight - were we doing enough [on security]? We’ve got to say we weren’t.” #TalkTalk
— Kamal Ahmed (@bbckamal) October 23, 2015
“If you’re a cyber-criminal, the days of stealing data and then selling it for cash in the dark web – they’re not so profitable as they used to be.
“And I do think that you see more cyber criminals wanting to effectively make money by extorting the companies that hold that data, and there’ve been a number of incidents just this week.”
‘Extremely serious’
The firm said it is working with police to establish what happened.
“We are continuing to work with leading cybercrime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed,” the company said in a statement on Thursday night after revealing the attack.
Harding said the company is taking this attack “extremely seriously.”
Our CEO Dido Harding apologises to #TalkTalk customers about disruption caused by the #cyberattack on our website https://t.co/eKRO4L10iX
— TalkTalk Comms (@TalkTalkComms) October 22, 2015
“We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here,” she said in a statement.
“TalkTalk was informing its customers immediately about the attack as a precaution,” she added.
Harding said TalkTalk informed customers 34 hours after it became aware of the attack as it “needed the facts first,” ITV reports.
The firm has instructed customers to keep an eye on their bank statements, contact their bank if they notice anything unusual and be wary of people contacting them asking for their personal details.
‘TalkTalk should have reported hack sooner’
UK Information Commissioner Christopher Graham said TalkTalk should have reported the incident “much sooner.”
Although it began on Wednesday, the Information Commissioner’s Office (ICO) was only informed of the cyber-attack at 4.30pm on Thursday.
Graham said the ICO will examine the delay in its investigation into the data breach.
“There isn’t an off-the-peg solution that renders everything secure and in some cases encrypting everything would probably be excessive,” he told ITV.
“But the big civil monetary penalty we imposed on the Sony Corporation for the PlayStation incident was involving the lack of encryption of customer data and that cost them £200,000. People have got to take this seriously,” he added.
UK Information Commissioner's Office (ICO) "making enquiries" over TalkTalk hack https://t.co/qRHS1qiYr6 pic.twitter.com/OozgDhqDsG
— Rob Price (@robaeprice) October 23, 2015
The ICO said it will be liaising with police and offering TalkTalk customers advice.
“The ICO is aware of this incident, which was reported to us on Thursday afternoon. We will be making enquiries and liaising with the police,” it said.
“Any time personal data is lost there can be a risk of identity theft. There are measures you can take to guard against identity theft, for instance being vigilant around items on your credit card statements or checking your credit ratings. There are tips and information about identity theft available on our website,” it added.
‘Unsure if former customers have been hacked’
In an interview with BBC News on Friday, Harding admitted she is unsure if former TalkTalk customers have fallen prey to the cyber-attack.
#TalkTalk chief exec tells me a 'material number' of their 4 million customers hit by cyber attack - 'a very significant amount of data'
— Ben Brown (@BenBrownBBC) October 23, 2015
When asked why some customers only heard about the attack on the news, she said: “We decided to use the media to reach our customers faster.”
Harding also said it is “too early” to say customers would be compensated or allowed to leave TalkTalk without paying a penalty.
‘Islamic terrorists behind it’
Former Scotland Yard cyber-crime detective Adrian Cully suggested the attack could be related to Islamic terrorism after a group claimed responsibility for the attack.
A statement from the group published on social media said “we cannot be stopped.”
“We have adapted to the security measures of the web. We cannot be stopped. We have made our tracks untraceable through onion routing, encrypted chat messages, private key emails, hacked servers,” it said.
Completely unverifiable but here's the statement from the Russian group claiming to be behind the TalkTalk hack pic.twitter.com/kfbc4lZjns
— Rory Cellan-Jones (@ruskin147) October 23, 2015
“We will teach our children to use the web for Allah. Your hands will be covered in blood. Judgement day is soon,” it added.
“We are in the Soviet Russia and near place, your Europe, we control Asia, we control America.”
Speaking to the BBC’s Radio 4 Today program on Friday, Cully said: “They [the group] are claiming to be from Soviet Russia and be an Islamic cyber jihadi group.”
Customers concerned about the #cyberattack can find more information here https://t.co/n7q1dmHoWV. Follow @TalkTalkCare for updates
— TalkTalk Comms (@TalkTalkComms) October 23, 2015
Even more damning is how they stored financial info #TalkTalk pic.twitter.com/U8XIQsKLCO
— Daniel Cuthbert (@dcuthbert) October 23, 2015
“They have posted on to Pastebin information that appears to be TalkTalk customer private information,” he added.
The alleged hackers appear to have published around a hundred emails and home addresses under their statement to prove they are the cyber-attackers.
Hidden in the text, there is a line which reads: “Prepare, secure your websites, secure your borders, secure your country, but Jihad from us is coming, Muhammed rises, salat fellow brother.”
The Metropolitan Police Cyber Crime Unit has said it is aware of speculation regarding alleged perpetrators.
“This case is just one example of the new generation of criminality my team are dedicated to tackling. We continue to lead on this investigation but are working with the National Crime Agency (NCA),” it said in a statement.
Cyber Crime Unit update regarding TalkTalk data fraud investigation https://t.co/jrEqUFAJg7 pic.twitter.com/JTJfBGuvZO
— Metropolitan Police (@metpoliceuk) October 23, 2015
“Operation Falcon sees a more focused and joined-up approach by the MPS, the business industry and other law enforcement agencies to ensure that we quickly identify the issue - in this case alleged data fraud - and immediately set about working to protect the public, designing out the crime and arresting the culprits.”
“We are aware of speculation regarding alleged perpetrators; this investigation remains at an early stage; a full assessment of the alleged data theft is ongoing.”
‘TalkTalk shares sink’
It has emerged that TalkTalk’s shares sank 3.9 percent in the first few minutes of trading on Friday, hours after the cyber-attack was revealed. It has now declined by up to 9 percent.
TalkTalk shares down 9% #cyberattack
— Kamal Ahmed (@bbckamal) October 23, 2015
TalkTalk shares are getting obliterated again after their third hack announcement this year https://t.co/J0n0oXGIcw pic.twitter.com/upJr1nBd8N
— Mike Bird (@Birdyword) October 23, 2015
Ouch. TalkTalk shares are now down 9% as police investigate a cyber attack on its website: https://t.co/Sr9LaPoNw0 pic.twitter.com/0Fus1sTu0c
— fastFT (@fastFT) October 23, 2015
Commenting on this, one Twitter user said it is “about time companies paid compensation for their breach of duty of care.”
Labour MP for Newcastle Central Chi Onwurah urged TalkTalk to “take responsibility for long term customer support.”
V worrying that @talktalk have suffered another data breach, they must take responsibility for long term customer support & follow up 1/2
— chi onwurah (@ChiOnwurah) October 23, 2015
2/2 & find this 'advice' confusing - #talktalk will ring customers & ask for bank details if 'permission' given?? https://t.co/bKLFfYfUsk
— chi onwurah (@ChiOnwurah) October 23, 2015
“V [very] worrying that TalkTalk have suffered another data breach, they must take responsibility for long term customer support and follow up,” she said on Twitter.
“I find this advice confusing – TalkTalk will ring customers and ask for bank details if ‘permission’ given??” she added.
A Scotland Yard spokesman said: “There have been no arrests and enquiries are ongoing. We are aware of speculation regarding alleged perpetrators; this investigation remains at an early stage; a full assessment of the alleged data theft is ongoing.”