This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/uk-34615226
The article has changed 9 times. There is an RSS feed of changes available.
| Version 5 | Version 6 |
|---|---|
| TalkTalk cyber-attack: Boss 'receives ransom email' | TalkTalk cyber-attack: Boss 'receives ransom email' |
| (35 minutes later) | |
| The head of TalkTalk says she has had an email demanding a ransom from a group purporting to be behind the cyber-attack suffered by the company. | The head of TalkTalk says she has had an email demanding a ransom from a group purporting to be behind the cyber-attack suffered by the company. |
| Chief executive Dido Harding said she did not know whether the ransom email was genuine. | Chief executive Dido Harding said she did not know whether the ransom email was genuine. |
| The phone and broadband provider said personal and banking details of up to four million customers may have been accessed in the "significant" attack. | The phone and broadband provider said personal and banking details of up to four million customers may have been accessed in the "significant" attack. |
| The Met Police said the email was "forming part of its investigations". | The Met Police said the email was "forming part of its investigations". |
| "It is hard for me to give you very much detail, but yes, we have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker," Ms Harding told the BBC's business editor Kamal Ahmed. | "It is hard for me to give you very much detail, but yes, we have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker," Ms Harding told the BBC's business editor Kamal Ahmed. |
| "All I can say is that I had personally received a contact from someone purporting - as I say I don't know whether they are or are not - to be the hacker looking for money." | "All I can say is that I had personally received a contact from someone purporting - as I say I don't know whether they are or are not - to be the hacker looking for money." |
| 'Worry and concern' | 'Worry and concern' |
| TalkTalk said it was too early to know exactly who had been affected by the attack, which happened on Wednesday. | TalkTalk said it was too early to know exactly who had been affected by the attack, which happened on Wednesday. |
| Former customers of Talk Talk may also be affected by the computer hack, and it was not known whether the information seized by the hackers was encrypted, Ms Harding added. | |
| She said the company was "rushing to communicate with customers" but that it would take 36 to 48 hours to email all of them. | She said the company was "rushing to communicate with customers" but that it would take 36 to 48 hours to email all of them. |
| What should you do if you think you're at risk? | What should you do if you think you're at risk? |
| TalkTalk hack: What should I do? | TalkTalk hack: What should I do? |
| In a statement, the company said that a criminal investigation had been launched on Thursday. | In a statement, the company said that a criminal investigation had been launched on Thursday. |
| The Metropolitan Police, which is investigating, said no-one had been arrested over Wednesday's attack but inquiries were ongoing. | The Metropolitan Police, which is investigating, said no-one had been arrested over Wednesday's attack but inquiries were ongoing. |
| TalkTalk said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed: | TalkTalk said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed: |
| In the wake of the news, the company's share price initially fell to its lowest level since August 2013, but later recovered and by 14:30 BST it was only 2% lower. | In the wake of the news, the company's share price initially fell to its lowest level since August 2013, but later recovered and by 14:30 BST it was only 2% lower. |
| Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4's Today programme that a Russian Islamist group had posted online saying it carried out the attack. | Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4's Today programme that a Russian Islamist group had posted online saying it carried out the attack. |
| He said hackers claiming to be a cyber-jihadi group had posted data which appeared to be TalkTalk customers' private information - although he stressed their claim was yet to be verified or investigated. | He said hackers claiming to be a cyber-jihadi group had posted data which appeared to be TalkTalk customers' private information - although he stressed their claim was yet to be verified or investigated. |
| Analysis | Analysis |
| By Rory Cellan-Jones, BBC technology correspondent | By Rory Cellan-Jones, BBC technology correspondent |
| Cyber-attacks on consumer companies happen with mounting frequency, but TalkTalk's speedy decision to warn all of its customers that their vital data is at risk suggests that this one is very serious indeed. | Cyber-attacks on consumer companies happen with mounting frequency, but TalkTalk's speedy decision to warn all of its customers that their vital data is at risk suggests that this one is very serious indeed. |
| We are being told that this was what's called a DDoS - a distributed denial of service attack - where a website is hit by waves of traffic so intense that it cannot cope. What is not clear is why this would result in the loss of data rather than just the site going down. One suggestion is that the DDoS was a means of distracting TalkTalk's defence team while the criminals went about their work. | We are being told that this was what's called a DDoS - a distributed denial of service attack - where a website is hit by waves of traffic so intense that it cannot cope. What is not clear is why this would result in the loss of data rather than just the site going down. One suggestion is that the DDoS was a means of distracting TalkTalk's defence team while the criminals went about their work. |
| I'm assured that TalkTalk customers' details, including banking information, were all being held in the UK rather than in some overseas data centre. What is less clear is the extent to which that data was encrypted. | I'm assured that TalkTalk customers' details, including banking information, were all being held in the UK rather than in some overseas data centre. What is less clear is the extent to which that data was encrypted. |
| For TalkTalk, the cost to its reputation is likely to be very serious. Now it is going to have to reassure its customers that its security practices are robust enough to regain their trust. | For TalkTalk, the cost to its reputation is likely to be very serious. Now it is going to have to reassure its customers that its security practices are robust enough to regain their trust. |
| TalkTalk said the website was now secure again and that TV, broadband, mobile and phone services had not been affected by the attack. | TalkTalk said the website was now secure again and that TV, broadband, mobile and phone services had not been affected by the attack. |
| The sales website and the "My account" services are still down but the company hopes to restore them on Friday. | The sales website and the "My account" services are still down but the company hopes to restore them on Friday. |
| Customers have expressed their frustration at what is the third cyber-attack to affect TalkTalk over the past 12 months. | Customers have expressed their frustration at what is the third cyber-attack to affect TalkTalk over the past 12 months. |
| Sara Jones, from East Sussex, said: "TalkTalk's online advice is not proportionate to what has happened. Telling customers to 'keep an eye on accounts' just does not cut it in terms of advice." | Sara Jones, from East Sussex, said: "TalkTalk's online advice is not proportionate to what has happened. Telling customers to 'keep an eye on accounts' just does not cut it in terms of advice." |
| Daniel Musgrove, from Powys, said he had been unable to get through to TalkTalk customer services. | Daniel Musgrove, from Powys, said he had been unable to get through to TalkTalk customer services. |
| "They may not get a payment for my next bill if they don't get this sorted," he added. | "They may not get a payment for my next bill if they don't get this sorted," he added. |
| Meanwhile, the Information Commissioner Christopher Graham told Radio 4's The World at One programme that Talk Talk should have alerted his office sooner. | Meanwhile, the Information Commissioner Christopher Graham told Radio 4's The World at One programme that Talk Talk should have alerted his office sooner. |
| "The Information Commissioner was only informed about this at 4.30pm yesterday afternoon. I wish we'd heard a little bit earlier and we could have been more 'out there', giving advice to consumers about what they need to protect their personal information," he said. | "The Information Commissioner was only informed about this at 4.30pm yesterday afternoon. I wish we'd heard a little bit earlier and we could have been more 'out there', giving advice to consumers about what they need to protect their personal information," he said. |
| In August, the company revealed its mobile sales site had been targeted and personal data breached. | In August, the company revealed its mobile sales site had been targeted and personal data breached. |
| And in February, TalkTalk customers were warned about scammers who had managed to steal thousands of account numbers and names. The attacks are understood to be unrelated. | And in February, TalkTalk customers were warned about scammers who had managed to steal thousands of account numbers and names. The attacks are understood to be unrelated. |
| TalkTalk said it had contacted the major banks asking them to look out for any suspicious activity on customers' accounts. It added that every customer would be getting a year's free credit monitoring. | TalkTalk said it had contacted the major banks asking them to look out for any suspicious activity on customers' accounts. It added that every customer would be getting a year's free credit monitoring. |
| Are you a TalkTalk customer? If you have any information to share with the BBC, you can email haveyoursay@bbc.co.uk. | Are you a TalkTalk customer? If you have any information to share with the BBC, you can email haveyoursay@bbc.co.uk. |
| Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways: | Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways: |
| Or use the form below | Or use the form below |