It’s been a week since the tech world was rocked by news that major internet service provider TalkTalk was the victim of a significant cyberattack. Since then, the company has been more than a little sheepish when pushed on the specifics of the damage caused.
TalkTalk have now decided to live up to their name and discuss figures. Having done so, the story is now wrestling for the headlines with news of another attack on a significant tech corporation.
Lifting the Lid
Given the natures of TalkTalk’s latest press release, it seems likely that they are still largely unaware of exactly what was stolen and how the attackers gained access to it. However, TalkTalk have claimed that the extent of the damage is “significantly less than originally suspected”. Amongst the accessed data is:
- less than 1.2 million customer email addresses, name and phone numbers
- less than 28,000 obscured credit and debit card details
- less than 21,000 bank account numbers and sort codes
- less than 15,000 customer dates of birth
TalkTalk’s rhetoric and persistent us of “less than” during the released figures is attempting to extinguish the severity of the situation. Given that the credit and debit card details are all missing the six middle digits means that whoever now has their hands on them won’t be able to make any purchases using those stolen details. In the short term then, the biggest danger to those affected will be via the 1.2 million basic customer details, who should be on guard for any potential scams via phone or emails addresses. TalkTalk have also offered out 12 months of free credit monitoring alerts with Noddle (using the code TT231).
Elsewhere, the investigation into who carried out the attack continues. Last week, a 16-year-old boy from London and a 15-year-old boy from Northern Ireland were arrested on suspicion of Computer Misuse Act offences. Both have since been released on bail, however a third suspect has now been arrested in regards to the attack. The suspect, a 20-year-old man from Staffordshire, has also been held over offences relating to the Computer Misuse act.
Whilst this attack represents the third breach of TalkTalk’s systems in the last year, they aren’t the only tech-related company currently under the cybercrime microscope. Major mobile network provider Vodafone have also been the victim of an attack, although it seems considerably less severe than the events currently unfolding at TalkTalk.
The company have announced that between midnight on the 28th of October and midday on the 29th, an attempt was made by an unauthorised source to access customer details. Vodafone have insisted their systems were not breached, and the attackers used externally sourced email addresses and passwords as the source of their attack. As a result, only 1,827 customers had their accounts accessed, with their names and some bank accounts potentially at risk. The owners of each account have been notified by Vodafone, and they insist there is no need for alarm from any of their other customers.
Guarding against Further Damage
So, how should you be guarding against any further damage should you be a customer of TalkTalk, Vodafone or any other company that handles your personal data? Well, anyone who now has their hands on your bank account details is not in a position to clear out the contents, but you should be monitor the outgoings of your bank a little closer in the short-term just in case.
Any further attempt at gaining information from you will likely come from a phishing attack. Using the email addresses or phone numbers gathered, phishing attacks will be fraudulent emails or phone calls coaxing unsuspecting people into handing over information. Be extra vigilant if asked to hand over passwords and bank details.
Title Image- TalkTalk Group