Hacked TalkTalk receives ransom demand


Police are investigating a ransom demand sent to telecoms giant TalkTalk following the cyber attack which may have resulted in the theft of millions of customers' bank and credit card details.

The company revealed it had been contacted by someone claiming to be responsible for Wednesday's attack who was seeking payment, but it was not sure if the message was genuine.

A spokesman for Scotland Yard's cyber crime unit, which is investigating the data breach, said: "We are aware of this information and it will form part of our investigation."

Some TalkTalk customers have already complained that their bank accounts and credit cards have been targeted, according to reports.

TalkTalk chief executive Dido Harding said the company had assumed a worst case scenario that all the personal data relating to its four million customers was compromised until they could confirm exactly what was taken.

The phone and broadband provider said it was investigating whether personal details of past as well as present customers were taken.

Baroness Harding told the Press Association: "We have taken the precaution to assume the worst case, which is that all of our customers' personal financial information has been accessed.

"We think that is the most prudent and sensible way to be, to tell all of our customers that now, so that they can protect themselves rather than wait to do the analysis and give a more precise number and cause more concern to people over the long term."

A TalkTalk spokeswoman told PA that its investigation into what had been stolen includes a database of past customers, saying: "We are running the data, we just don't know at the moment."

Amid reports that TalkTalk had been previously been warned by experts about its security, a spokesman for the firm said: "New techniques for attack develop all the time, so TalkTalk constantly updates and reviews our systems to try to stay one step ahead of cyber criminals.

"Since the previous attacks, we are working with world leading cyber security experts and investing a lot in making sure our system is as secure as possible.

"Unfortunately no system is ever totally invincible - there was clearly more that should have been done in this case, and I am very sorry for the worry and frustration this attack has caused our customers."

Baroness Harding told the BBC "the awful truth is I don't know" whether all the data was encrypted, adding: "With the benefit of hindsight, were we doing enough? Well, you've got to say that we weren't and obviously we will be looking back and reviewing that extremely seriously."

The latest breach is the third in a spate of cyber attacks affecting TalkTalk in the last eight months.

In August the company said its mobile sales site was hit by a "sophisticated and co-ordinated cyber attack" in which personal data was breached by criminals.

In February TalkTalk customers were warned about scammers who managed to steal thousands of account numbers and names from the company's computers.

Scotland Yard is investigating alongside the National Crime Agency (NCA) but no arrests have been made.

The Information Commissioner's Office (ICO) said it has been informed of the cyber attack on Thursday, with a spokesman saying: "We will be making inquiries and liaising with the police."

One theory for the motive behind the attack had been Islamic extremism, with one self-proclaimed Jihadi group putting what it said was personal details of TalkTalk customers on a website.

However, the accuracy of the information has not been verified and there was also speculation that blackmailers could be behind the attack.

Professor Mark Skilton, an IT consultant and academic at Warwick Business School, said: "Large-scale data theft is increasingly big business for professional cyber criminals.

"The value of personal identity data records and account details is increasingly high as it can be used in masquerading identity to commit theft of other data; or give direct access to personal bank account money and fraudulent transactions."

TalkTalk's share price plunged 11% on Friday morning, but recovered as the day progressed to close at 4.4% below its opening price.

The company said it is working with credit reporting service Noddle to offer 12 months of credit monitoring alerts for free.