date 2015-10-23
* Potentially all 4 million TalkTalk customers affected
By Paul Sandle and Eric Auchard
LONDON/FRANKFURT, Oct 23 - British broadband
provider TalkTalk said on Friday it had received a
ransom demand from an unidentified party claiming responsibility
for a cyber attack that may have led to the theft of personal
data from its more than 4 million customers.
The data could include credit card and bank details, and if
the theft is confirmed by a police investigation it would be one
of Britain's biggest online security breaches.
"We have been contacted by, I don't know whether it is an
individual or a group, purporting to be the hacker," TalkTalk
Chief Executive Dido Harding told the BBC.
She said the demand for payment came by email into her
corporate account, but she declined to give further details due
to the ongoing police investigation.
Harding said a "very significant" amount of data was stolen,
and she could not confirm whether customers' personal
information was encrypted.
"I am confident a material number of our customers have been
affected, which is why I am taking the precaution of warning all
of our customers," she said.
Jens Monrad, a Copenhagen-based security expert for U.S.
cyber defence firm FireEye, told Reuters that samples of
financial data which appeared to come from TalkTalk customers
had been spotted for sale in cybercriminal forums on the
so-called dark web.
A TalkTalk spokeswoman declined to comment, citing the
police investigation.
The attack is potentially one of the most damaging to hit a
British company, and follows dozens of high-profile cases
targeting retailers and banks in North America.
The details of millions of customers of infidelity website
Ashley Madison were leaked in August after a massive cyber
assault, while Sony Corp's film studios were hit last year.
TalkTalk said late on Thursday there was a chance names,
addresses, dates of birth, phone numbers, email addresses,
TalkTalk account information, credit card details and/or bank
details had been accessed.
"Potentially this could affect all of our customers,"
Harding told the BBC.
THIRD BREACH THIS YEAR
The attack is the third data breach to hit TalkTalk this
year, and experts said it would damage the reputation of the
company, which competes with bigger rivals BT, Virgin
Media and Sky in the broadband market.
"Their brand will be damaged and their customers will say it
is the final straw," said computer security expert Graham
Cluley.
Shares in TalkTalk, which had fallen 7 percent since its
websites went down on Wednesday, fell as much as 8.5 percent on
Friday to a two-year low of 238 pence. They clawed back some of
the losses to close down 4.4 percent at 257 pence.
Some customers took to Twitter to vent their anger.
"I see #talktalk has been hacked again, seriously need to go
to another provider, especially as I find out via BBC and not
TalkTalk," said Cardiff-based user Lan.
Monrad said hackers seeking to exploit the value of stolen
customer data often publish small samples of the data in order
to attract buyers in the underworld who will in turn try and
exploit customer details for financial gain.
"Our field intelligence operation has found what appears to
be a direct dump of various database information from TalkTalk,"
he told Reuters in an interview.
He said the samples FireEye had collected contained specific
bank account and credit card information from what appeared to
be TalkTalk customers.
Harding said the first sign the company was being targeted
came on Wednesday lunchtime, when its website was hit by what
appeared to be a distributed denial of service (DDoS) attack -
where a site is flooded by simultaneous requests from multiple
sources. She said the company went public late on Thursday when
it had established that customer data had been compromised.
The Metropolitan Police said its cyber crime unit was
investigating an alleged data theft from a telecommunications
website, without giving details.
Personal data including names, addresses and phone numbers
were stolen from TalkTalk at the start of the year, and in
August servers owned by Carphone Warehouse, the retailer which
founded TalkTalk, were attacked, potentially affecting 480,000
TalkTalk mobile customers.
