Select a region
Mobile phone and broadband provider TalkTalk has become a victim of a “significant and sustained cyber attack” which could have led to breaches of customers’ personal and financial details.
The company said it was “too early to say” how many of its four million UK customers had been affected by the attack and the Metropolitan Police are investigating.
Here’s what we know so far.
TalkTalk said there was “a chance” data including credit card and bank account details may have been accessed. Other personal data could include names, addresses, dates of birth, email addresses and telephone numbers.
The company has admitted “not all of the data was encrypted” but that “we believed our systems were as secure as they could be”.
The firm has advised customers to “keep an eye on your accounts over the next few months” and report anything suspicious to their bank or Action Fraud, the UK’s fraud reporting centre.
People should also be vigilant to unsolicited calls asking for personal data or passwords, the firm said, adding it would never call to ask for bank details.
The attack took place on Wednesday and the company said it took its website down when it noticed “unusual activity”.
The internet provider said it did so in an “effort to protect data”.
Digital security expert Benjamin Harris, from MWR InfoSecurity, suggested a denial of service attack, which sees hackers block access to a site, would not have led to personal data being compromised.
But he said it was possible an attack on a website could gain access to data through links allowing customers to update their details.
It is unclear at the moment. Scotland Yard’s cyber crime unit has launched an investigation to establish what happened, how much data has been breached and the source of the attack.
As a broadband and mobile phone provider to four million customers, TalkTalk would be required to store large amounts of personal data.
It is the third time this year it has fallen prey to a data breach. In August the company revealed its mobile sales site was hit by a “sophisticated and co-ordinated cyber attack” in which personal data was breached by criminals, while in February customers were warned about scammers who managed to steal thousands of account numbers and names from the company’s computers.
But the company points out it is not the only victim, saying the latest attack “is by no means an isolated incident”.
In an FAQ it added: “Barely a week goes by now without cyber-criminals using increasingly hostile and sophisticated methods to target companies that do business online. It’s not just companies like TalkTalk that are being targeted, banks, retailers like Apple and even the US government have been victims.”
