A ransom demand has been received by ISP TalkTalk following a major cyber attack in which hackers may have seen sensitive customer data.
Credit card and bank account details could have been stolen in a “significant and sustained” attack on the TalkTalk website.
The company says customer names, dates of birth, addresses and phone numbers may also have been accessed.
Police are investigating, while the company’s four million customers are being urged to check their accounts for any suspicious activity “over the next few months” and change their passwords.
A TalkTalk spokeswoman said: “We can confirm we were contacted by someone claiming to be responsible and seeking payment.”
TalkTalk said potentially all customers could be affected but it was too early to know what data had been stolen.
TalkTalk said in a statement that a criminal investigation had been launched on Thursday.
It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed:
- Names and addresses
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card and bank details
In the wake of the news, the company’s share price dropped by 10% in the first few hours after the London stock exchange opened at 08:00 BST.
Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4’s Today programme that a Russian Islamist group had posted online to claim responsibility for the attacks.
Analysis- Real time detection needed
In response to the breaking story that TalkTalk has been breached, Dave Larson, CTO at Corero Network Security, offered the following insight: “The significant cyber-related attacks against TalkTalk have the tell-tale markings of an aggressive DDoS attack. Statements from the Company, fearfully indicate that this ‘sustained cyber attack’ may include data breach activity in addition to the outages customers are experiencing.
“More frequently exfiltration of personal data comes on the heels of a DDoS attack, as this activity can be used to map or profile a network’s existing security defenses, pinpointing holes in security or vulnerabilities to exploit. An onslaught of DDoS attack activity follows, distracting IT personnel, overwhelming data logging tools and masking other nefarious attack attempts.
“The modern DDoS attack has become more than just a threat or impact to availability, it has evolved to a security implication. TalkTalk has been quite proactive in notifying their customers of the service outage, yet details on the impact have been scarce.
“Internet Service Providers, due to their significant subscriber base, and excessive bandwidth capacity must be better prepared for DDoS attacks with real-time detection and mitigation solutions to remove the attack traffic before it ever have the chance to permeate the network. In doing so, Service availability is maintained, and personally identifiable data remains better protected.”
TalkTalk breach shows that UK Plc needs to get ‘Security Serious’
Yvonne Eskenzi, organiser of Security Serious Week, which kicks off next week said: “Cyber attacks, like the one suffered by TalkTalk, are just going to increase in severity and frequency. TalkTalk is just the latest in a long line of companies who’ve been targeted and come up short – Carphone Warehouse, Experian, these are huge companies struggling to keep the hackers out of their databases. I firmly believe that the only way we’re going to be able to prevent these incidents is to stop working in silos and come together to share expertise and experiences to make the internet a safe place to trade on line.
“That’s why I’m spear heading next week’s Security Week – a week long timetable of conferences, workshops, training sessions and webinars, all free of charge, starting on Monday aimed at educating users in a number of security disciplines – presenting by dozens of the UK’s top cyber-security experts. Security Serious is all about those that can’t, learning from those that can – it’s simple really. Leading experts conveying their words of wisdom and industry best practices to those people and organisations who want to become more security savvy.”