In what could be regarded as one of Britain’s biggest online security breaches, British broadband provider TalkTalk confirmed the private payment and bank data of its 4 million customers may have been compromised through a cyberattack, Reuters reported late last week.
Over the weekend, it was reported that the massive data breach could end up costing the company millions.
According to The Telegraph, TalkTalk has been accused of disregarding security vulnerabilities and is now in the process of investigating thousands of cases where its customers have reportedly lost money as a result of the work of cybercriminals.
It was revealed that TalkTalk may have actually been the victim of multiple cyberattacks over the last 10 months, with the latest breach dating back to as early as Sept. 10, The Telegraph reported.
“[The] investigation is ongoing, but unfortunately, there is a chance that some of the following data has been compromised: names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details,” the company said in a statement on Thursday (Oct. 22).
Early the next day, TalkTalk said it received a ransom demand from hackers claiming to be responsible for the massive data breach.
“It is hard for me to give you very much detail, but yes, we have been contacted by — I don’t know whether it is an individual or a group — purporting to be the hacker,” TalkTalk CEO Dido Harding told the BBC.
“All I can say is that I had personally received a contact from someone purporting — as I say, I don’t know whether they are or are not — to be the hacker looking for money,” Harding continued.
According to Jens Monrad, a Copenhagen-based security expert at FireEye, samples of the financial data that appeared to be part of the stolen information from TalkTalk customers was available for purchase on various cybercriminal forums on the dark Web, Reuters reported.
While TalkTalk, with the help of cybercriminal experts and the metropolitan police, continues to pursue the source of the attack, many theories have surfaced about the data breach.
The New York Times reported that Adrian Culley, a former Scotland Yard cybercrime unit detective, told the BBC an Islamist group may be behind the cyberattack, but he provided no evidence to back up the theory.
A TalkTalk spokeswoman declined to comment, citing the ongoing police investigation.
In TalkTalk’s statement about the breach, Harding said, “TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cybercrime, impacting an increasing number of individuals and organizations. We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday’s attack.”
To check out what else is HOT in the world of payments, click here.