TalkTalk, the UK phone and broadband provider, may have left its customers exposed to hackers due to a lack of stable web security measures once again.
TalkTalk issued a warning to its 4 million customers on Thursday that attackers may have gained access to their personal information. Information that may have been exposed to the hackers include names, credit card numbers, personal addresses, bank details, phone numbers, birth dates, email addresses and TalkTalk account information, making the users vulnerable to identity theft and possible victims of credit card fraud. The company acknowledged that not all of the data was encrypted so there would be no difficulties for the hackers to read the data. TalkTalk is not one hundred percent certain that any data was actually accessed from the attack.
Who is responsible for the TalkTalk attack?
TalkTalk does not know who is responsible for the hack but have confirmed that there has been a ransom demand from a group claiming to be behind the attack. TalkTalk spokesperson told CNN “We can confirm that TalkTalk was contacted by someone claiming to be responsible and seeking payment.”
Thus far, no arrests have been made; the Metropolitan Police Cyber Crime Unit has said that the investigation is ongoing.
Attacks are increasing every day
There seems to be an increase in the number of sophisticated hacks on companies such as Target, Home Depot and Carphone Warehouse. TalkTalk has been hit twice in the past 12 months, the first one was last December. The increase of severe hacks could indicate a price increase as the cost of cyber theft insurance would increase to ensure the company’s protection.
The attack could also expose TalkTalk customers to the risk of identity theft and resulting fraudulent activity. Identity theft risks factors include the hackers impersonating people or companies, potentially using the information to fraudulently gather passwords and personal information that could leave their accounts exposed and open to theft. TalkTalk warned customers to watch their bank accounts carefully for evidence of fraudulent or even just suspicious activity, and it is currently offering their clients a year of free credit monitoring.
What is being done to prevent attacks?
The company made attempts to reassure customers that they are working on security to prevent such attacks in future. “TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cybercrime, impacting an increasing number of individuals and organizations,” CEO Dido Harding said in a statement. “We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here.”
HP has criticized TalkTalk for not making data encryption a priority.
“If data is left unprotected, it’s not a matter of ‘if’ it will be compromised, it’s a matter of ‘when’,” said Andy Heather, vice president at HP Security. Companies should assume that all web security measures will fail and therefore focus on protecting the data itself. If TalkTalk had done this, he said, the “attackers would have ended up with unusable encrypted data.”
TalkTalk has outlined on its website all the steps the clients can take to ensure their information is secure as possible.
We’re in the midst of a tech-oriented age, and personal web security is crucial to preserving and keeping all data and personal information secure. The internet has made information widespread and that often includes even your personal information.
Here are a few things to do to avoid identity theft: back up all personal information such as regular backing up of passwords, financial information on to non-remote hardware like hard drives that are not always connected to your personal computer, use safe and secure internet protocols, offline and online security measures (security suites, anti-virus software, malware detection software, etc.), scan your computer at regular intervals, do not bookmark banking web pages and securely encrypt credit card information.
Akamai provides advanced cloud security solutions that allow you to secure your website and online platform and reduce the risk of downtime and data theft from DDoS attacks without compromising web performance.