TalkTalk chief executive Dido Harding has told the House of Commons Culture, Media and Sport Select Committee that the firm has major "lessons to learn" after the breach of its systems in October.
Harding took full responsibility, claiming that cyber security was a board issue and that, as CEO, she was taking responsibility for the incident. "Clearly, you have to look back with the benefit of hindsight and say 'If I had the time again would I have done more on security knowing what we know today?'. I think the only logical conclusion you can reach is of course. Would that have prevented the attack? I don't know," Harding said.
This of course is hardly reassuring for TalkTalk's 4 million customers, especially when it came to light that the police had initially instructed Harding to keep the cyber breach of potentially 4 million customers' records quiet.
Baroness Harding said Scotland Yard told the telecoms company to keep the attack secret – including a “credible” ransom demand – so detectives could try to find the culprits.
Harding said: “I was clear by the lunchtime on the Thursday [22 October] that the sensible thing to do to protect my customers was to warn all of them because I could help make them safer. The advice we received from the Metropolitan Police was not to tell our customers.”
Harding explained the complex nature of TalkTalk's security setup and that there are two separate teams operating independently.
"The security function role is to make sure the whole company is taking security seriously. It's providing an audit and assurance function as well as performing specific security tasks," she told the committee.
"The technology function that builds all of our systems and processes has a very large element of responsibility for security and that's separate from our security team because they actually implement the security standards and processes and policies."