This keeps getting better and better...
TalkTalk's competitors would have been thoroughly enjoying the last couple of days (and more to come?).
TalkTalk has confirmed that its business customers may also have been affected by the attack on its systems last week. The company is in the process of telling its biz subscribers that they may have had their data stolen following the latest security breach to have hit TalkTalk. A spokesman at the budget ISP told El Reg on …
>>TalkTalk's competitors would have been thoroughly enjoying the last couple of days (and more to come?).
Well their CEOs and boards are probably enjoying it. Their IT staff are probably all collectively going "thank fuck that wasn't us" whilst wondering if this means upper management will actually now approve that security overhaul they've been asking for over the last n months.
I wonder if Talk Talk Wholesale will be next to admit they've had security problems?
I think the only safe assumption at this point is for every single person, company, or entity to assume that every piece of data they ever gave TalkTalk or that TalkTalk were in a position to purchase about them, has now been thoroughly compromised and exposed. If TalkTalk are eventually able to prove otherwise, it'll be a nice, if unlikely bonus.
Outsourcing, offshoring, and cost cutting IT just never ever goes wrong. Oh, wait....
Because they specifically moved some of their small business customers to their residential service?
Correct... In which case, it would suggest that millions of former residential customers have possibly also had their bank details, address and date of birth stolen. And yet TalkTalk STILL cannot tell us if this is the case. I guess they have even less regard for former customers than they do for current ones. They need to clarify this so the ICO can give them a bigger kicking.
They need to clarify this so the ICO can give them a bigger kicking.
How? If they can maintain that the whole thing is a single breach, then the maximum fine is half a million. That's a whopping 0.2% of last year's EBITDA, or an even smaller percentage of their annual spend on marketing and customer acquisition.
I think an ICO penalty is inevitable, but TalkTalk are not even going to notice it.
"The telco said that small businesses may have had their name, address, email address, telephone number, TalkTalk account information, password and bank details nicked by malefactors."
For some time, cautious/paranoid people have used different email addresses for contact with different people and organisations, in case of leaks/compromise. Perhaps it's time for businesses to use separate phone numbers and bank accounts for dealing with different suppliers and customers.
Pipex were great quite a few years ago; since then a few sell-outs have happened and now we are a TalkTalk business customer :/
Thank god our main connections are via magic wifi type antenna on the roof from a local supplier! The ADSL we have with TalkTalk is just a backup..... will be replaced soon methinks. 50Mb uncontested connection with 5x IP address for £50 a month ain't bad :)
Lots of news but no real details of what happened?
Has anyone any idea what methods were used?
Was it SQL injection? If so, IT should be shot, since it's easy to protect against using stored procs.
I can understand how DoS can bring a site down, but not how this can actually extract info?