Talk Talk Hacked Again……

Heard on the radio that Talk Talk have been hacked again.

I know this can perhaps happen to any large company these days, but that’s at least twice now and I think it’s time to look for an alternative – the broadband service is not very good anyway and we frequently get phone calls pushing us to sign up to their TV box which we don’t want, so no good reasons to stay with them.

We’ve already ended up having daily ‘Talk Talk customer service’ calls from people doing the ‘Microsoft style fraud’ as a result of the last hack.

What provider are people using for phone & broadband. Any you can recommend? Any you don’t recommend!?!
PlusNet always seem to pop up as a good provider to go for.
How about BT? Always seem a bit more expensive, but perhaps you get what you pay for?

I would be interested to hear what happened with this one – how did they get bank account numbers from a website hack ? Somebody isn’t doing their security properly.

They were saying on radio 4 this morning the stolen data has already turned up on t’internet.

Been with PlusNet for a llloooonnnnngggggggg time, can’t fault them. I’ve never had any trouble at all, and any time I’ve heard of someone that has it’s actually been a BT element that’s let them down

I have used BT for years – they only stuff up they have made was sending me the alert that my broadband was WAY over usage to a BT email account I didn’t even know I had, let alone use.

I managed to get the charges refunded with no arguments, as I definitely didn’t use the astronomical amount they were trying to charge me for.

I’m with TalkTalk too. They only have my bank details (not credit/debit card) so I’m not sure how they could get money out. The information they have is only what would be on a cheque.

Am I wrong?

That’s what I was wondering too.

Little risk in them having your bank details.
Much more risk in them having your password, if you re-use the same password across many sites as some folk tend to do.

It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed:
Names and addresses
Dates of birth
Email addresses
Telephone numbers
TalkTalk account information
Credit card and bank details

Yup exactly what’s on a cheque.

Yes, I always put my address and date of birth on a cheque, usually with my mother’s maiden name, you know, in case somebody wants to send me a birthday card.

I’ve been with BT for a few years after moving from sky (I had a really bad service from sky, it was really slow at peak times and very intermittent connection) moved to infinity and obviously it’s faster but it’s a constant connection and BT have been great to deal with.

My sister is also with BT and I moved in about three months ago, no one told me that it was only a 40gb a month plan so when I ate through 500gb in the first month they recieved a massive bill! My BIL rang up to question it and they refunded without question and upped his plan for free.

All in all I would recommend BT.

the-muffin-man – Member

I’m with TalkTalk too. They only have my bank details (not credit/debit card) so I’m not sure how they could get money out. The information they have is only what would be on a cheque.

Am I wrong?

What they are saying on the website is that the hackers can’t access your bank account through this hack (obviously), but the details can be used for identity theft or online fraud – so check your accounts regularly over the next few months for suspicious activity & report anything you see.

The TalkTalk website does mention a year of credit monitoring for all affected customers, with details to follow.
I’m not sure entirely what that means, but it sounds mildly re-assuring from a credit rating point of view.

So, PlusNet & BT looking like likely contenders at the mo….

Cannot see the mention of credit rating…where is that? Heard CEO on radio 5 mention it…off to plusnet I think,

Guys – this is really shit.

And I’ll explain why: I work for TalkTalk. And I’m a customer.

This is the first data loss suffered directly by us: the first two were as a result of thefts from two partner organisaitons. Legal activity is ongoing with both of them.

This was a direct criminal attack to steal the personal data of 4m customers. We are often under DDOS attack – all large businesses are – and this initially looked like that. But it quickly became clear that it was more than that, hence us taking our sales sites offline.

Because it’s a criminal attack the police are already involved – it’s not clear yet where the attack has come from, though a Russian terrorist group is currently claiming responsibility.

We have advice for our customers: if you are or think you’re affected then go HERE and HERE for more information.

If you try to call please note that there are huge queues into the contact centres, so please be patient.

We’re also emailing every customer (this will take time to avoid overloading the systems further) and are also writing to those who may not pick up up their emails.

You can also find info via our online community teams on Twitter.

As an organisaiton we’re really sorry this has happened and are working hard to find out the scale of the attack and the potential impact on our customers.

Like I say, it’s really shit.

The TalkTalk website does mention a year of credit monitoring for all affected customers, with details to follow.
I’m not sure entirely what that means, but it sounds mildly re-assuring from a credit rating point of view.

It’s so that all customers are able to keep a close eye on their credit file as a methiod of spotting fraudulent activity (e.g, to spot credit searches made against their name that they haven’t instigated).

I’ll be using it and I shall be speaking to my bank today to get some checks put on transactions.

Ourman……thanks for the posts really helpful….still cannot see how to use it nor mention on the site…..am I missing something?

oumaninthenorth – thanks for the explanation…

We’ve been a customer for quite a while now (the whole time we’ve been in our current house – almost 5 years and probably about 2 years before we moved).

While I can see that it must be massively frustrating for you & the rest of the TalkTalk staff (you e-mailed me a while back after I mentioned on here the ‘customer service hack’ phone calls I was getting) – as an outsider, it does seem to be that TalkTalk are more susceptible than other firms to successful cyber attacks?
It’s irrelevant to the customer whether attacks occur to TalkTalk themselves or to ‘partner organisations’ if the end result appears to be the same.

It’s good to see that there are plenty of measures being taken, and I appreciate you posting here & including the links that you have.

vondally – Member

Ourman……thanks for the posts really helpful….still cannot see how to use it nor mention on the site…..am I missing something?

The talk talk page I looked at earlier said that details are to follow (on the credit monitoring), so I imagine you’ll get an e-mail or a letter in due course to explain more. I suspect that is something that takes a while to organise for 4m people!!

It’s irrelevant to the customer whether attacks occur to TalkTalk themselves or to ‘partner organisations’ if the end result appears to be the same.

Absolutely right. Ultimately it’s the people affected – our customers – and they should not have to worry about how or where it’s happened.

Ourman……thanks for the posts really helpful….still cannot see how to use it nor mention on the site…..am I missing something?

Once the email comms start filtering through there will be info there on how to utilise the service.

@ stumpy – yes, emailing 4m customers and not causing them any other service issues does take some time!

Stumpy get that and yes understand however as an internet naysayer and doom just feels all my pigeons and fears may have come home to roost……. 🙁

Plus (all credit to ourman) may experience with talk talk has been dire recently we have been with them nearly a decade, so was going to move but did not so more frustration.

So, last time it happened my banks changed my cards.

The credit monitoring has got to happen now. I’m tempted to just get it organised myself.

Are there sufficient grounds to leave talk talk based on this?

My mum left talk talk because they are with out doubt the worst company she has ever dealt with. Cut off her phone and the only number she could phone was the bank. This is an 84 yr old lady who is a bit doddery. Vile scumbag company.

Would talk talk of deleted her details?

Don’t worry the Government has your back on this and have a great master plan, which is to ban any company from using strong encryption when storing your data! You couldn’t make this shit up if you tried….

U.K. PM Backpedals On ‘Encryption Ban’, Sort Of

Footflaps – have you heard the latest advice re passwords ? Don’t bother changing them, that’s too hard, just pick a really AWESOME one that you will remember so you can fully engage with the new fantastic and in no way smug and self-justifying Digital world.

My service was switched from TalkTalk to another provider on Wednesday. I’ll still be at risk as my details were still on the system, as will anyone else who has left and their details kept.

Will the year’s worth of credit monitoring be given to all people whose details have been taken, or just those who are still customers?

It’s unlikely I’ll get phishing phone calls though as my number was changed in the switch over.

I suggest a free experian 12month subscription for their 4 million customers. ( or sign up to noddle)

I suggest a free experian 12month subscription for their 4 million customers.

That’s effectively what will be provided to every customer.

I’ll still be at risk as my details were still on the system, as will anyone else who has left and their details kept.

I’ll raise this internally to make sure we’re covering former customers who may have been affected.

*tangent, avoid noddle if you dislike spam, no such thing as a free lunch.

ex customer, ex-tremely hacked off although i understand the requirments to hold data for set periods.

Names? and addresses?
Dates of birth?
Email addresses
Telephone numbers
TalkTalk account information
Credit card and bank details

I’ll still be at risk as my details were still on the system, as will anyone else who has left and their details kept.

The intention is that, where it’s still relevant, we will communicate with everyone potentially affected. That’s why there are a series of channels of communication, including the heavy media and press efforts we did last night (there are a lot of people who haven’t been to bed for the last couple of days on this…).

Thanks for the updates OMITN. I’ve been through similar crisis situations at another telecom company (not a hack – massive database corruption) and it’s not much fun trying to sort it out.

Just listened to someone on R4 explaining that it was a SQL injection attack on the back of a DDOS. I’m far for even an amateur in this field but i thought SQL injection is one of the most basic forms of hacking. Shouldn’t their server have been protected from this?

I was with talktalk until April-ish, will they of kept my details?

We’ve since moved so I doubt talktalk can contact us?

We’ve just been moved to Fleur by Talk talk, I wonder whether they’ve had the same problem?

While I wouldn’t touch TalkTalk with a barge pole, I have to say OMITN is single-handedly doing more for their customer-relations than any spokesman I’ve seen on TV! Well done, sir, chapeau! 😀

Ironic isn’t it after I raised a complaint about scam calls in July and got this reply:-

Dear **** *********,

Further to our recent telephone conversation, I am writing to confirm that we have received your complaint regarding the recent increase in scam calls and emails.

Please rest assured that your sensitive information such as date of birth, bank, or credit card details have not been accessed.

We understand that this may cause you to be concerned but we have taken all appropriate actions to stop this from happening again and would like to reiterate that fraudsters are unable to gain access to either your TalkTalk account or your bank account unless you give them access.

Protecting our customers’ data is our top priority and we take this issue extremely seriously. We ask that you take extra care when anyone phones or emails you claiming to be from TalkTalk, or indeed any other organisation, asking for personal details.

We hope you will accept our sincere apologies for any distress this has caused and confirm that this is our full and final position regarding your complaint.

As a business we work in this type of environment including PCI DSS (PAYMENT CARD INDUSTY DATA SECURITY STANDARD) “if” Talk Talk are compliant with PCI DSS and executing vulnerability scans ASV scans and Pen testing as well as managing file integrity and log managment then it would be difficult to hack anything unless someone has been very stupid – the question that customers should be asking is “if you are compliant with PCI how did this happen” – there are a lot of “compliant” organisations, well they did fill in an SAQ (self assessment questionnaire) stating they are compliant

Some reports that’s it’s a Islamic Cyber Jihadi attack emanating from the Soviet Union. Seem to be related to the website publishing supposed customer details

Not really important who did what, the problem is few businesses take data protection seriously and the ones that do are usually made to do it via financial penalty (ICO PCI DSS etc ) the combination of name address date of birth bank details card details is identity theft heaven and despite what the credit reference agencies say it will take at least six years before you recover from it

There is no system which can’t be hacked by a determined and skilled individual.

That is partially true but they need exploits and open doors and “internal” mismanagement