This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/uk-34611857
The article has changed 13 times. There is an RSS feed of changes available.
| Version 10 | Version 11 |
|---|---|
| TalkTalk cyber-attack: Website hit by 'significant' breach | TalkTalk cyber-attack: Website hit by 'significant' breach |
| (35 minutes later) | |
| Police are investigating a "significant and sustained cyber-attack" on the TalkTalk website, the UK company says. | Police are investigating a "significant and sustained cyber-attack" on the TalkTalk website, the UK company says. |
| The phone and broadband provider, which has over four million UK customers, said banking details and personal information could have been accessed. | The phone and broadband provider, which has over four million UK customers, said banking details and personal information could have been accessed. |
| TalkTalk said potentially all customers could be affected but it was too early to know what data had been stolen. | TalkTalk said potentially all customers could be affected but it was too early to know what data had been stolen. |
| The Metropolitan Police said no-one had been arrested over Wednesday's attack but enquiries were ongoing. | The Metropolitan Police said no-one had been arrested over Wednesday's attack but enquiries were ongoing. |
| TalkTalk said in a statement that a criminal investigation had been launched on Thursday. | TalkTalk said in a statement that a criminal investigation had been launched on Thursday. |
| It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed: | It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed: |
| In the wake of the news, the company's share price dropped by 10% in the first few hours after the London stock exchange opened at 08:00 BST. | |
| Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4's Today programme that a Russian Islamist group had posted online to claim responsibility for the attacks. | Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4's Today programme that a Russian Islamist group had posted online to claim responsibility for the attacks. |
| He said hackers claiming to be a cyber-jihadi group had posted data which appeared to be TalkTalk customers' private information - although he stressed their claim was yet to be verified or investigated. | He said hackers claiming to be a cyber-jihadi group had posted data which appeared to be TalkTalk customers' private information - although he stressed their claim was yet to be verified or investigated. |
| Dido Harding, chief executive of the TalkTalk group, told BBC News the authorities were investigating and she could not comment on the claims. | Dido Harding, chief executive of the TalkTalk group, told BBC News the authorities were investigating and she could not comment on the claims. |
| Analysis | Analysis |
| By Rory Cellan-Jones, BBC technology correspondent | By Rory Cellan-Jones, BBC technology correspondent |
| Cyber-attacks on consumer companies happen with mounting frequency, but TalkTalk's speedy decision to warn all of its customers that their vital data is at risk suggests that this one is very serious indeed. | Cyber-attacks on consumer companies happen with mounting frequency, but TalkTalk's speedy decision to warn all of its customers that their vital data is at risk suggests that this one is very serious indeed. |
| We are being told that this was what's called a DDoS - a distributed denial of service attack - where a website is hit by waves of traffic so intense that it cannot cope. What is not clear is why this would result in the loss of data rather than just the site going down. One suggestion is that the DDoS was a means of distracting TalkTalk's defence team while the criminals went about their work. | We are being told that this was what's called a DDoS - a distributed denial of service attack - where a website is hit by waves of traffic so intense that it cannot cope. What is not clear is why this would result in the loss of data rather than just the site going down. One suggestion is that the DDoS was a means of distracting TalkTalk's defence team while the criminals went about their work. |
| I'm assured that TalkTalk customers' details, including banking information, were all being held in the UK rather than in some overseas data centre. What is less clear is the extent to which that data was encrypted. | I'm assured that TalkTalk customers' details, including banking information, were all being held in the UK rather than in some overseas data centre. What is less clear is the extent to which that data was encrypted. |
| For TalkTalk, the cost to its reputation is likely to be very serious. Now it is going to have to reassure its customers that its security practices are robust enough to regain their trust. | For TalkTalk, the cost to its reputation is likely to be very serious. Now it is going to have to reassure its customers that its security practices are robust enough to regain their trust. |
| The TalkTalk website was now secure again and TV, broadband, mobile and phone services had not been affected by the attack, she added. | |
| The sales website and the "My account" services are still down but the company hopes to restore them on Friday. | The sales website and the "My account" services are still down but the company hopes to restore them on Friday. |
| Ms Harding added: "It's too early to know exactly what data has been attacked and what has been stolen," she said. | Ms Harding added: "It's too early to know exactly what data has been attacked and what has been stolen," she said. |
| "Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well." | "Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well." |
| However, customers have expressed their frustration with what is the third cyber-attack to affect TalkTalk over the past 12 months. | However, customers have expressed their frustration with what is the third cyber-attack to affect TalkTalk over the past 12 months. |
| Sara Jones, from East Sussex, said she found out about the breach in the news. | Sara Jones, from East Sussex, said she found out about the breach in the news. |
| "I have not received a single piece of correspondence. The level of information is lacking. And to think this is Get Safe Online Week! | "I have not received a single piece of correspondence. The level of information is lacking. And to think this is Get Safe Online Week! |
| "TalkTalk's online advice is not proportionate to what has happened. Telling customers to "keep an eye on accounts" just does not cut it in terms of advice." | "TalkTalk's online advice is not proportionate to what has happened. Telling customers to "keep an eye on accounts" just does not cut it in terms of advice." |
| Daniel Musgrove, from Powys, said he had been unable to get through to TalkTalk customer services. | Daniel Musgrove, from Powys, said he had been unable to get through to TalkTalk customer services. |
| "They may not get a payment for my next bill if they don't get this sorted," he added. | "They may not get a payment for my next bill if they don't get this sorted," he added. |
| In August, the company revealed its mobile sales site had been targeted and personal data breached. | In August, the company revealed its mobile sales site had been targeted and personal data breached. |
| And in February, TalkTalk customers were warned about scammers who had managed to steal thousands of account numbers and names. | And in February, TalkTalk customers were warned about scammers who had managed to steal thousands of account numbers and names. |
| Ms Harding said: "Unfortunately cybercrime is the crime of our generation. Can our defences be stronger? Absolutely. Can every company's defences be stronger? | Ms Harding said: "Unfortunately cybercrime is the crime of our generation. Can our defences be stronger? Absolutely. Can every company's defences be stronger? |
| "I'm a customer myself of Talk Talk, I've been a victim of this attack." | "I'm a customer myself of Talk Talk, I've been a victim of this attack." |
| What should you do if you think you're at risk? | What should you do if you think you're at risk? |
| TalkTalk said it had contacted the major banks asking them to look out for any suspicious activity on customers' accounts. It added that every customer would be getting a year's free credit monitoring. | TalkTalk said it had contacted the major banks asking them to look out for any suspicious activity on customers' accounts. It added that every customer would be getting a year's free credit monitoring. |
| Ms Harding said: "The biggest risk is that customers' details have been stolen and criminals try to impersonate them." | Ms Harding said: "The biggest risk is that customers' details have been stolen and criminals try to impersonate them." |
| Professor Peter Sommer, an expert an cyber security, said TalkTalk's rapid growth could be to blame for the breaches. | Professor Peter Sommer, an expert an cyber security, said TalkTalk's rapid growth could be to blame for the breaches. |
| "They are acquiring more customers and each of those customers wants to do more things and so they have to increase their capacity... but that's an expensive exercise," he told the BBC. | "They are acquiring more customers and each of those customers wants to do more things and so they have to increase their capacity... but that's an expensive exercise," he told the BBC. |
| Are you a TalkTalk customer? If you have any information to share with the BBC, you can email haveyoursay@bbc.co.uk. | Are you a TalkTalk customer? If you have any information to share with the BBC, you can email haveyoursay@bbc.co.uk. |
| Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways: | Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways: |
| Or use the form below | Or use the form below |