Ever since it was revealed that TalkTalk Telecom Plc's website has been hacked, the U.K. telecoms company has played down the scale of the security breach, but it now admits the financial impact of the cyberattack could cost the company about $53 million -- as it tries to secure its customer base by offering all of its users a free upgrade.
The news came directly from the company as it released its first-half results with TalkTalk telling shareholders that the cost of the recent cyberattack will hit the company's bottom line at between 30 million to 35 million pounds ($45.5 million to $53 million). The company added that while it was too soon to give a definitive analysis of how the attack affected the company's subscriber numbers, early indications were positive.
"While it is too early at this stage to assess the wider impact of the cyber attack on the business, early data on churn and retention activity in the days since the attack is encouraging," a company statement said.
TalkTalk, a phone and broadband provider in the U.K., is still reeling from what is the company's third major cyberattack in the space of 12 months. Following the attack on Oct. 22, TalkTalk CEO Dido Harding revealed that she had been contacted by those claiming responsibility for the attack, demanding an 80,000 pound (roughly $123,000) ransom to be paid in bitcoin, otherwise the company's customer information would be posted on the dark web.
In a video message accompanying the financial results, Harding said the company would be offering all customers -- even those not directly affected by the attack -- a free upgrade of their services. "Whilst the number of customers directly affected by this attack is materially smaller than we at first feared I would in no way wish to diminish the impact of the unavoidable uncertainty of the attack on all of our customers," Harding said.
The company CEO added that she was "humbled and encouraged" by feedback from her customers who had praised TalkTalk for "doing the right thing" in relation to handling the fallout from this attack. Last week, TalkTalk revealed a much smaller number of affected customers than were initially thought to have been impacted. The company says the total number of customers whose personal details were accessed is 156,959, and of this number 15,656 bank account numbers and sort codes were accessed.
The company also revealed that 28,000 "obscured" credit and debit card numbers were accessed but claimed these "cannot be used for financial transactions, and were ‘orphaned’, meaning that customers cannot be identified by the stolen data."
To date police in the U.K. have made three arrests in relation to the attack. Two teenagers and a 20-year-old man have all been bailed following their detention and so far no charges have been made against anyone. One of those arrested, a 15-year-old boy from Northern Ireland, has sued three U.K. newspapers for identifying him even though he is a minor in the eyes of the court.