Aren't talk talk the lot that desperately wanted everyone to sign their porn register, I mean opt out of the net nanny scheme?
TalkTalk CEO admits security fail, says hacker emailed ransom demand
Dido Harding, the chief executive of TalkTalk, has confessed her company should have done more to protect its customers' personal information, and has confirmed a seemingly related blackmail attempt. Harding told BBC News that she had personally received an email which included a ransom demand from "an individual or a group, …
COMMENTS
-
-
Friday 23rd October 2015 15:33 GMT Danny 14
which also leads onto an interesting question, what about people who have previously been talktalk customers? Are their details (and CC/bank accounts) still held on the system?
Whilst they might contact current customers, will they be contacting previous ones too?
That's a nice 4 million mailshot earner for the franking machine.
-
Friday 23rd October 2015 21:09 GMT Chris King
If they have retained customer details from the operations they have taken over, it's not just ex-TalkTalk customers in the firing line. What about former customers of...
AOL (UK)
Tiscali
Pipex
Nildram
Tesco Broadband
Virgin Media (ADSL)
OneTel
...and possibly others I've forgotten about ?
I will be SERIOUSLY miffed if I'm caught in the crossfire of this Charlie Foxtrot - I was a Nildram customer but escaped to AAISP nearly ten years ago, and had a OneTel dialup account before that. How long have they held on to ex-customer data, I wonder ?
-
Friday 23rd October 2015 22:32 GMT Doctor Syntax
@Chris King
Like you I've been through the Nildram>Pipex>Tiscali route but I jumped ship nearly 6 years ago. A good deal of what they had will be stale by now, certainly I've changed bank since then. I doubt either of us would fall for a call claiming to be from their customer disservices - they never did anything after the Tiscali takeover so why expect them to be getting round to it now?
In fact, after the Tiscali takeover their email support would have passed the Turing test - there was no way to tell whether it was human or a bot - but not in a good way.
-
-
Sunday 25th October 2015 17:48 GMT John Brown (no body)
"who have previously been talktalk customers?"
...not to mention ex customers of ISPs which have been taken over by Talk Talk. I wonder how many people that might affect and if they have even a vague inkling that their bank account details might have been compromised?
EDIT: I now see this topic has already been mentioned (and down voted? WTF?????)
-
-
-
-
-
Friday 23rd October 2015 17:14 GMT Arctic fox
Re: Dido Harding...
Well done gentlemen - there is perhaps something to be said for some form of classical education!
"When I am laid, am laid in earth, May my wrongs create
No trouble, no trouble in thy breast;
Remember me, remember me, but ah! forget my fate.
Remember me, but ah! forget my fate."
-
-
-
-
This post has been deleted by its author
-
Friday 23rd October 2015 15:44 GMT Kubla Cant
Re: Radio 4
The interview on Radio 4 this morning the person claimed it was too early to say if important customer data was encrypted ( and there was millions of records, as if that was a reason).
Record 1: not encrypted, record 2: not encrypted either, record 3: still not encrypted, record 4...
You can see how this may take some time.
-
Friday 23rd October 2015 16:13 GMT MrWibble
Re: Radio 4
Ars says "no"
"Moreover, TalkTalk has confirmed to Ars that some of its customer data was stored in plaintext, i.e. not encrypted. The spokesperson admitted this was "not ideal,"
-
Friday 23rd October 2015 17:05 GMT Anonymous Coward
Re: Radio 4
SQL injection can bypass encrypted data. Though there's some data (e.g. passwords) that should be encrypted in a form that even the company itself can't access. And it wasn't because the passwords are out there in pastebin for all to see.
I wish that I had never signed up with TalkTalk. I pay for everything via credit card normally. That affords me some protection. But with my TalkTalk business account they refused to accept credit card. They said I could change the payment information over to credit card later on but that they could not (read: would not) set up an account without bank details. And instead of backing at that point and going through the entire selection and sign-up process again with a different provider, I let them have the bank details so they could have a direct debit. So now my name, bank details and a password (only used for TalkTalk) are out there because of these people.
-
-
Saturday 24th October 2015 10:48 GMT Cameron Colley
Re: Radio 4
@Anonymous Coward: "So, how is that important? They have the same details you give when you write a cheque for something to be delivered to your home address. And, like any sane person, you don't use the same password for your banking."
You sound just like Jeremy Clarkson. Perhaps look into how well it went for him when he made his baking details public?
-
-
-
Friday 23rd October 2015 14:58 GMT mark 120
Lol. Selling data on the dark web isn't as profitable as it used to be? That's only if you look at it on a price per unit basis, because the market is flooded with details stolen from companies like TT. Overall it's still very profitable.
Is it just me who thinks she needs a PR person telling her to shut up right now?
-
-
Friday 23rd October 2015 15:09 GMT Geoff May
Re: Whats the betting
Excepting that will not help them because, the only real way of getting security would be to change banks, move house, change your name and try and get your date of birth amended. I wonder if TalkTalk customers can move to a different calendar to avoid future trouble ...
-
-
Friday 23rd October 2015 15:07 GMT Anonymous Coward
relax
Gubbmint keep telling us they have invested billions in cyberstuff to protect/spy on us
Forget police dealing with burglary,muggings etc cos they are all back in the station trying to figure out how to get back to that screen they had a minute ago sarge.
Meanwhile private companies have took this as a sign they can go to sleep and just let then boys in the big doughnut nerve centre advise them after the fact.
-
Friday 23rd October 2015 15:18 GMT Peter Kavanagh.
Ongoing, definitely not new
Someone in earlier article comments mentioned they knew of instances of attempted phishing calls, where the scammers had worryingly detailed knowledge of the target's TalkTalk account information.
On a phone-in to LBC on Monday someone called in with a very similar story of a call - "we understand you've had problems with our broadband service" (customer had indeed experienced this) ", so we would like to refund you some money, just need to check the payment details...".
Either inside information or clear confirmation that account details have been compromised in earlier attacks.