TalkTalk customers at risk of fraud following hack
Updated October 24th 2015
As Get Safe Online Week draws to a close, TalkTalk customers - and potentially ex-customers - have been left vulnerable to fraud in the wake of what the communications giant’s Chief Executive describes as a “sustained and systematic cyberattack”.
Because the exact nature of the data compromised is not yet known – including whether or not login details have been compromised - Get Safe Online is advising that all customers change their TalkTalk passwords immediately, and also the passwords to other accounts if they you used the same ones. If you are a customer we also urge you to check your bank account immediately and on a regular basis for irregular payments and/or withdrawals, check your TalkTalk accounts and also take up TalkTalk’s offer of free credit reports. Also, be vigilant for unsolicited approaches by phone, email, social media or text claiming to be from TalkTalk, as they may well be scams.
In a statement issued last night, the phone and broadband provider revealed that banking details and personal information of up to four million UK customers could have been accessed in the hack. It is still not clear which customer data has been compromised, but there is a possibility that it includes names and addresses, email addresses, dates of birth, phone numbers, TalkTalk account information and payment card and bank details. Apparently, not all of this data was encrypted.
The company is working with “leading cybercrime specialists” and the Metropolitan Police to establish the exact cause and extent of the breach, and all major banks have been informed. The Metropolitan Police’s Cybercrime Unit has launched a criminal investigation.
Chief Executive Dido Harding, shown here talking on BBC News, said that TalkTalk’s website was now secure again and TV, broadband, mobile and phone services had not been affected by the attack. The TalkTalk sales website and the ‘My account’ services are still down but it is hoped that these will be restored during today.
"We brought down all our websites [on Wednesday] lunchtime and have spent the last 24 hours investigating with the Met Police. It's too early to know exactly what data has been attacked and what has been stolen. Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well,” Ms Harding added. She also told the BBC that all customers would have credit reports paid for by the company for the next twelve months.
Many customers have expressed anger that it has taken over 24 hours to notify them, given the potential risk of fraud they face as a result of the attack. This is the third cyberattack affecting TalkTalk customers in the last year.
There is wide speculation about the identity of the hackers, and Ms Harding says that she has received a ransom demand.
Risk of other scams
It is also highly likely that other fraudsters will seize this opportunity to contact people by email, phone call or text, either:
- Claiming to be from TalkTalk, with instructions on how to 'safeguard you from fraud'
- Claiming to be from third-party security or software companies offering advice or a fix
Such contact should be treated as a scam, unless you are absolutely certain that it is a genuine email from TalkTalk. If in doubt, you should contact TalkTalk customer services to check if such an email has been issued.
If you have been a victim of fraud
- Report it to Action Fraud, the UK’s national fraud reporting centre by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk
- Report it to TalkTalk: refer to their website for details via this advice page: http://help2.talktalk.co.uk/oct22incident
Please note: TalkTalk have informed us that they will NOT be phoning customers directly with regards to this breach, therefore treat any call proporting to be from TalkTalk with extreme caution.
By Get Safe Online