Poor old TalkTalk can't seem to catch a break at the moment. Yet again - for the third time in 12 months - it has been hit by a cyber attack and this one could affect millions of UK customers.
The attack has been described as "significant and sustained," with private customer information potentially stolen by those responsible, including phone numbers, email addresses and credit card information.
In light of the news, various industry professionals have offered their thoughts and analysis.
Willy Leichter, Global Director of Security Strategy at CipherCloud:
“What’s unfortunate is that this is Carphone Warehouse’s third highly publicised breach and its second of this year. The response is a bit déjà vu too. The company says that it ‘constantly review[s] and update[s] our systems to make sure they are as secure as possible’ but how thoroughly are they protecting their systems if they have yet to encrypt customer details? It seems as if Carphone Warehouse is trying to score points off style over substance. The only improvement this time is that they are notifying customers quicker.”
Richard Parris, CEO at Intercede:
“The news that TalkTalk customers have once again been impacted by a data breach should be a wakeup call for all companies serving consumers and storing their personal data. In an independent survey of 2,000 16-35 year old consumers it was revealed that very few place any significant trust in companies’ ability to protect their personal data. For telecommunications operators, 40 per cent described their level of trust as ‘none’ or ‘a little’.
“It really is time that these major businesses gave the issue the attention it deserves – they need to stop relying on simple password-based authentication and to start applying enterprise grade solutions. Protecting customers’ private data should be a top priority for any organisation. Failure to demonstrate that adequate safeguards are in place will inevitably result in customers, and revenues, disappearing.”
Richard Brown, Director EMEA Channels & Alliances at Arbor Networks:
"This is just the most recent attack in what is a long line of breaches against large well-known organisations storing huge volumes of at-risk customer data. Dido Harding already reiterated that cybercrime is the ‘crime of our generation’, something that the ONS realised last week when it was included in its official crime report for the first time.
"All organisations should view this attack as the latest warning that they need to sit up and realise that cybercrime is now one of the biggest threats to their reputation, profitability and customer base. Tools and processes should be put in place to protect the network and deal with any issues if an attack does occur. As the wide range of organisations shows – any business is at risk. However, customers need to also take responsibility for their personal data. Simple steps can be taken to reduce the impact to them if such attacks do occur such as using different passwords for different accounts."
Richard Beck, head of cyber security at QA:
“Breaking news of the DDoS attack against TalkTalk underlines the fact cyber crime is a clear and present danger to all businesses. Regardless of size, industry or geography, cyber crime knows no boundaries. When it comes to mitigating the risk of a cyber attack, organisations should take the following approach - detect, defer, defend.
"A key element of this preparation is ensuring that employees have a good understanding of the threat landscape together with the steps they can take to help keep these increasingly sophisticated and determined cyber criminals at bay."
Raj Samani, CTO for Intel Security EMEA:
“Initial reporting suggests that this attack leveraged DDoS as a potential smokescreen to hide the cyber criminals’ ultimate goal – data theft on a huge scale. While it is too early to draw conclusions, we know from previous incidences, such as Operation Troy, that this tactic has been successfully used in the past. Whatever the attack method used, potentially affected customers will understandably be more concerned with finding out whether their data has been compromised.
"Data breaches and hacks are hitting the headlines on a regular basis, leaving swathes of sensitive customer details in the hands of criminals. Businesses should be ensuring the right security measures are in place to effectively protect this information.
"Affected organisations are learning that a quick reaction is vital – recognising when a data breach has occurred and moving quickly to inform customers is key if they are going to stop cyber criminals from exploiting any stolen data."
Hugo Plowman, a fraud lawyer at Mishcon de Reya:
"Large scale cyber-attacks such as this are becoming more and more common and at the same time increasingly sophisticated and complicated. In this instance, it is noteworthy how quickly TalkTalk has responded, although of course this is not the first time its systems have been hacked and is a sign, perhaps, that its alarm systems and response plans have been refined through experience.
"The criminal investigation into this latest attack will almost certainly now be focusing on trying to establish who is behind it; which whilst very difficult, is not impossible. If they do this quickly enough, they may be able to recover some of the stolen data, to the extent that it has not already been disseminated.
"Customers of TalkTalk should be hyper vigilant, carefully monitor bank accounts and change passwords. It may also be worth checking your insurance policies to see if any include cover against identity fraud, should the worst happen."