TalkTalk has confirmed it has been contacted by someone claiming to be behind the cyber attack that saw personal data of millions of customers stolen – and a ransom demand has been made.
The company is currently still investigating the cyber attack, which took place on Wednesday and is believed to have seen a large number of the firm’s four million customers affected; with hackers gaining access to personal details.
A spokeswoman for the company said: “We can confirm we were contacted by someone claiming to be responsible and seeking payment.”
The amount demanded was not disclosed by TalkTalk, with the spokeswoman adding that “everything else is a matter for the police”.
The firm’s chief executive, Dido Harding, has already warned that every customer’s personal and financial information could have been accessed in the attack.
“We have taken the precaution to assume the worst case, which is that all of our customers’ personal financial information has been accessed,” she said.
“We think that is the most prudent and sensible way to be, to tell all of our customers that now, so that they can protect themselves rather than wait to do the analysis and give a more precise number and cause more concern to people over the long term.”
How the attack was carried out is still unknown, though there have been reports that a distributed denial of service (DDoS) attack; flooding the website with traffic in order to crash it, may have been used as part of the breach.
This is also the third attack on TalkTalk in less than a year, following an attack on its mobile sales site in August, and the theft of thousands of account names and numbers from company computers in February.
A still unverified message claiming responsibility for the attack had been posted to website Pastebin late on Wednesday, with the poster also suggesting links to Islamic terrorists, alongside what it said was a list of customer details that had been stolen.