One month after the cyber-attack on TalkTalk, reports are now suggesting that just under 157,000 customer's personal details have been accessed, and around 15,600 bank account numbers and sort codes.
Four individuals have been arrested, three of whom are aged 16 and under. Business Insider India claims to have spoken to the group of hackers prior to police involvement, (article here: http://bit.ly/1WMutSa) and Channel 4 News says that they spoke with a number of sources afterwards (article here: http://bit.ly/1SIrzYF).
In both articles, it is implied that the group responsible was an informal gathering of 'script kiddies' (otherwise known as skids or skiddies). Far from being experienced hackers, skiddies generally use basic hacking techniques- in this case, a Google search. If this is true (and at present, there is no proof either way) it exposes serious shortcomings with TalkTalk's computer security.
So how do you protect against hackers?
There is no single solution to hacking; it can happen to any broadband provider, or any company at all. The best that businesses can do is regularly review and test their security systems.
There are preventative measures that can be taken, such as a device usage policy in the workplace, and software which blocks devices visiting high-risk or insecure sites. You can also ensure that personal devices aren't permitted to connect to your network, to prevent malware entering from outside sources.
What should TalkTalk customers do?
TalkTalk customers are advised to monitor their accounts closely. Although the back details that could have been accessed would not have been sufficient to withdraw money from your account, identity theft is a possibility. Watch your bank accounts, and stay up to date with TalkTalk.
Once you have access to your TalkTalk account, make sure that you change your password. If you use the same password for any other accounts, you should change those too.
Information leaked could have been sold on the Dark Web (a group of websites which are difficult to trace). You could be contacted by someone quoting what seems like trustworthy information (your TalkTalk account number, name, address etc.) who claims that you're eligible for a ''hack refund'' - (read about one scam here: http://bit.ly/1LZCKrj).
Be wary of anyone contacting you directly via email, or more likely telephone about the hack. If you are wary about a caller, hang up, call a friend to check you've been disconnected (because the caller could be sitting on the line, more info here: http://bbc.in/1iLQLRc) and then contact TalkTalk directly.
If you give away your bank details, you will not be refunded by your bank or TalkTalk - because technically the blame lies with you.
What will happen next?
TalkTalk are offering a free upgrade to all customers as a goodwill gesture. This can be TV content, a mobile SIM, a home phone deal or a broadband check. These will not extend your contract with TalkTalk.
They are also offering those customers who have lost money as a direct result of the hack, and not a phishing scam, to leave TalkTalk with no contract termination fee. This has not been extended to customers who have not been affected but still want to leave.
Some law firms do believe that there may be a case for customers who had their personal details stolen to claim compensation. However, no legal action has been successful as of yet.
If you need help with your security systems, give us a call on 0191 482 0444.
