This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.theguardian.com/business/2015/oct/24/talktalk-attack-government-urged-to-do-more-on-cybercrime

The article has changed 4 times. There is an RSS feed of changes available.

Version 0 Version 1
TalkTalk attack: government urged to do more on cyber​​crime TalkTalk attack: government urged to do more on cyber​​crime
(35 minutes later)
A leading business group has urged the government to take more action on cybercrime after hackers seized the personal information and bank details of up to 4 million TalkTalk customers.A leading business group has urged the government to take more action on cybercrime after hackers seized the personal information and bank details of up to 4 million TalkTalk customers.
Police are investigating a ransom demand sent to the telecoms company after its chief executive, Dido Harding, said a person claiming to be the hacker had contacted her directly and demanded money in exchange for the data.Police are investigating a ransom demand sent to the telecoms company after its chief executive, Dido Harding, said a person claiming to be the hacker had contacted her directly and demanded money in exchange for the data.
Oliver Parry, the Institute of Directors’ senior corporate governance adviser, told the BBC that police should make cybercrime an urgent priority, but added that companies “are ultimately responsible for protecting their customers’ data”.Oliver Parry, the Institute of Directors’ senior corporate governance adviser, told the BBC that police should make cybercrime an urgent priority, but added that companies “are ultimately responsible for protecting their customers’ data”.
There have been questions about how well TalkTalk secured its customers’ data after Harding admitted that she did not know whether details including names, addresses and bank account numbers were encrypted. It was the company’s third major data breach in the past year.There have been questions about how well TalkTalk secured its customers’ data after Harding admitted that she did not know whether details including names, addresses and bank account numbers were encrypted. It was the company’s third major data breach in the past year.
Related: TalkTalk hacking crisis deepens as more details emergeRelated: TalkTalk hacking crisis deepens as more details emerge
Parry said: “The risks need to be reviewed regularly by the board of directors, who must ensure they know where the potential threats are coming from and are prepared in case the worst happens.Parry said: “The risks need to be reviewed regularly by the board of directors, who must ensure they know where the potential threats are coming from and are prepared in case the worst happens.
“The UK is a world leader in the digital economy, so we urge the government and companies to work together to make us the world leader in countering the scourge of cybercrime.”“The UK is a world leader in the digital economy, so we urge the government and companies to work together to make us the world leader in countering the scourge of cybercrime.”
Professor Mark Skilton, an IT consultant and academic at Warwick Business School, said: “Large-scale data theft is increasingly big business for professional cybercriminals.Professor Mark Skilton, an IT consultant and academic at Warwick Business School, said: “Large-scale data theft is increasingly big business for professional cybercriminals.
“The value of personal identity data records and account details is increasingly high as it can be used in masquerading identity to commit theft of other data; or give direct access to personal bank account money and fraudulent transactions.”“The value of personal identity data records and account details is increasingly high as it can be used in masquerading identity to commit theft of other data; or give direct access to personal bank account money and fraudulent transactions.”
Proof of adequate cyber security could be made a condition of government contracts, said Hazel Blears, the former MP who has been counter-terrorism minister and the parliamentary intelligence and security committee.
She said the UK had been “a little bit tardy” in waking up to the scale of the threat but must now seek tougher rules to ensure data was protected.
“The time is rapidly approaching when we have got to have a debate in this country about do we expect companies who are holding massive amounts of public data to be able to show that they are putting in place the necessary security precautions ... about whether there needs to be a better regulatory framework,” Blears told BBC Radio 4’s Today.
“We could do it through a code, we could do it through government contracting. We have got our critical national infrastructure to protect - power, water, all of those things that are vital to the country. We could say to companies: we are not going to contract with you unless we are absolutely certain that you have taken the necessary measures.”
Claims by customers that TalkTalk had covered up the seriousness of the attack should be investigated, said Keith Vaz, chairman of the home affairs select committee.Claims by customers that TalkTalk had covered up the seriousness of the attack should be investigated, said Keith Vaz, chairman of the home affairs select committee.
He told the Daily Telegraph: “Suggestions that TalkTalk has covered up both the scale and duration of this attack are alarming and unacceptable and must be thoroughly investigated. When such sensitive data as bank details have been compromised, companies have a duty to warn customers immediately.”He told the Daily Telegraph: “Suggestions that TalkTalk has covered up both the scale and duration of this attack are alarming and unacceptable and must be thoroughly investigated. When such sensitive data as bank details have been compromised, companies have a duty to warn customers immediately.”
The company said the allegation was unfair.The company said the allegation was unfair.
A spokesman said: “We haven’t been covering up anything. We went public with this within 36 hours. It’s not easy to go much quicker. We cannot be accused of trying to hide the scale of this. That is deeply unfair.”A spokesman said: “We haven’t been covering up anything. We went public with this within 36 hours. It’s not easy to go much quicker. We cannot be accused of trying to hide the scale of this. That is deeply unfair.”
Some TalkTalk customers have already complained that their bank accounts and credit cards have been targeted. The phone and broadband provider said it was assuming a worst-case scenario and investigating whether details of past as well as present customers were stolen.Some TalkTalk customers have already complained that their bank accounts and credit cards have been targeted. The phone and broadband provider said it was assuming a worst-case scenario and investigating whether details of past as well as present customers were stolen.
“We have taken the precaution to assume the worst case, which is that all of our customers’ personal financial information has been accessed,” Harding said.“We have taken the precaution to assume the worst case, which is that all of our customers’ personal financial information has been accessed,” Harding said.
“We think that is the most prudent and sensible way to be, to tell all of our customers that now, so that they can protect themselves rather than wait to do the analysis and give a more precise number and cause more concern to people over the long term.”“We think that is the most prudent and sensible way to be, to tell all of our customers that now, so that they can protect themselves rather than wait to do the analysis and give a more precise number and cause more concern to people over the long term.”
Amid reports that TalkTalk had been previously been warned by experts about its security, a spokesman for the company said: “New techniques for attack develop all the time, so TalkTalk constantly updates and reviews our systems to try to stay one step ahead of cybercriminals.Amid reports that TalkTalk had been previously been warned by experts about its security, a spokesman for the company said: “New techniques for attack develop all the time, so TalkTalk constantly updates and reviews our systems to try to stay one step ahead of cybercriminals.
“Since the previous attacks, we are working with world leading cybersecurity experts and investing a lot in making sure our system is as secure as possible.“Since the previous attacks, we are working with world leading cybersecurity experts and investing a lot in making sure our system is as secure as possible.
“Unfortunately no system is ever totally invincible – there was clearly more that should have been done in this case, and I am very sorry for the worry and frustration this attack has caused our customers.”“Unfortunately no system is ever totally invincible – there was clearly more that should have been done in this case, and I am very sorry for the worry and frustration this attack has caused our customers.”
Scotland Yard is investigating alongside the National Crime Agency but no arrests have been made.Scotland Yard is investigating alongside the National Crime Agency but no arrests have been made.
The Information Commissioner’s Office said it has been informed of the cyber-attack on Thursday, with a spokesman saying: “We will be making inquiries and liaising with the police.”The Information Commissioner’s Office said it has been informed of the cyber-attack on Thursday, with a spokesman saying: “We will be making inquiries and liaising with the police.”
TalkTalk’s share price plunged 11% on Friday morning, but recovered to close down just 4.4%. The company said it was working with credit reporting service Noddle to offer customers free credit monitoring alerts for 12 months.TalkTalk’s share price plunged 11% on Friday morning, but recovered to close down just 4.4%. The company said it was working with credit reporting service Noddle to offer customers free credit monitoring alerts for 12 months.