UPDATE, 8:30 p.m. EDT Oct. 23: TalkTalk officials said Friday that they had received a ransom demand from someone claiming responsibility for a cyberattack that may have led to the theft of data from more than 4 million customers, Reuters reported. "We have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker," TalkTalk CEO Dido Harding told the BBC, the report said.
Harding said the ransom demand arrived by email, but she declined to provide further details. The Reuters report also quoted Jens Monrad, a security expert in Copenhagen for U.S. cyber defense firm FireEye. He said that samples of financial data that seemed to be from TalkTalk customers had been spotted for sale on the so-called dark Web, according to Reuters.
LONDON -- TalkTalk, the British telecoms company, has admitted that it has suffered its third major cyberattack in the last 12 months with data from its 4 million customers compromised by hackers in a "significant and sustained attack" on its website.
In the wake of the admission by TalkTalk, the company's shares on the London Stock Exchange dropped 10 percent as news of the attack spread before rebounding slightly. In a statement, the company said:
"We are very sorry to tell you that on Thursday 22nd October a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website on Wednesday 21st October. The investigation is ongoing, but unfortunately there is a chance that some of the following data may have been accessed."
That information includes names and addresses, dates of birth, email addresses, telephone numbers, account information and, crucially, credit card and bank details that could have been accessed by the hackers. TalkTalk also admitted that "not all of the data was encrypted" though it didn't reveal which parts of its database had been left in plain text.
Dido Harding, chief executive of the TalkTalk group, told BBC News: “It’s too early to know exactly what data has been attacked and what has been stolen. Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well.”
The BBC is reporting that the attackers used a technique known as a distributed denial of service (DDoS) to overwhelm the company's website, but this has not been confirmed by TalkTalk. A DDoS attack alone would not allow the attackers to steal any information, so it would have had to be part of a broader attack strategy.
The company said its website is secure again, but customers may have difficulty in believing the company, given this is the third major breach in a year. In February, the company warned its customers that scammers had stolen data from thousands of accounts while in August TalkTalk's mobile sales website was hacked with more customer data stolen.
“It really is time that these major businesses gave the issue the attention it deserves – they need to stop relying on simple password-based authentication and to start applying enterprise grade solutions,” Richard Parris, CEO at Intercede, a credential management company, told International Business Times. “Protecting customers’ private data should be a top priority for any organization. Failure to demonstrate that adequate safeguards are in place will inevitably result in customers, and revenues, disappearing.”
Harding said customers affected by the breach will be getting a year's free credit monitoring and that TalkTalk had alerted major banks to warn them to be on the lookout for fraudulent behavior. It has also asked customers to monitor their own accounts over the next few months for suspicious activity.
Jon French, security analyst of AppRiver, said TalkTalk customers "should be suspicious of any unexpected emails or phone calls that may be asking them for additional information. If someone calling or emailing you already has information like name, address, email address, or other account information, that doesn’t mean they can automatically be trusted. They may cite that data to get someone to trust them to hand over more information like a credit card or password."
Islamic Extremists To Blame?
The identity of the hackers is unknown but one group has claimed responsibility by posting a message online saying the attack was carried out in the name of Allah, adding a warning that "your hands are covered in blood" and "Judgment Day is soon." The message, which at this point is unverified, was posted on text-sharing website Pastebin along with a sample of the customers' records and is credited to a group calling itself "Th3 W3b 0f H4r4m."
IBT has asked TalkTalk to confirm or deny the validity of the data posted by the group. But no response was received by the time of publication.
The group adds that it is based "in the Soviet Russia" and used the dark Web to prevent authorities from tracking its movements. The information posted online includes email addresses and account information. Most of the entries include a time stamp from 2012, which could suggest the data is out of date, but the time stamps could instead be related to the last time the customers updated their passwords.
Speaking on BBC Radio 4's Today program, Adrian Culley, a former detective at Scotland Yard's cybercrime unit, said: "It appears at face value to be related to Islamic cyberterrorism," adding that this was a matter of national security. The problem with Pastebin is that there is no way of verifying the identity of the person or group who posted the information on the website.