What's that old saying? People are two missed meals or one jittery Champions League group stage match stream away from revolution.
Prior to its disastrous 2015 mega hack, UK ISP TalkTalk had told British spies at GCHQ that should an attack occur, its main focus would be to restore "online sports streaming", according to the head of operations at the country's National Cyber Crime Unit. Speaking at the Cyber Security in Healthcare event at the UK Health …
If I had all the doors and windows wide open in my property whilst I was out and I was then burgled I might feel like a victim but I would not be as far as insurance company (or anyone with half a brain cell) was concerned.
If you are a major ISP then shoddy security that a few script kiddies can break is not being a victim it is being inept (ignoring security as a niggly cost expense). If they had good security and someone used a zero day to breach them, or some very sophisticated social engineering then they could be more like victims,
Sport priority says it all though & reveals exactly why they were hacked so easily.
as the responsibility cuts across multiple roles in the company."
You are an ISP, you are operating at the front end of a system with known and unknown government and non-government cyber threats, you are the gatekeeper to your customers' data and home systems.
Responsibility for security shouldn't be at the line-manager level, it should be at board-level cutting across all areas of the company. What a set of morons.
Borrowing Doctor Syntax's comment as a subject...
Former boss Dido Harding later told MPs there was no specific line manager for cyber security as the responsibility cuts across multiple roles in the company.
That tells us all we needed to know about the Blessed Dido Harding in the job she was supposed to be doing.
If we didn't know it already, that is.
Come on, which dipshit at TalkTalk did the survey?
I would like to be the first to point out that if your network goes down you ain't streaming sh*t so therefore your network is your main priority.
Clearly they passed the survey to a sales droid which just goes to show how completely and utterly useless they really are like my superpower which is the ability to read my own mind.
This is equivalent to a conventional telco saying that in the event of a system outage their priority will be to restore the premium grumble lines, not the 999/911 service. Of course any telco even implying that would have its operating license revoked for breaching the 2003 Communications Act.
The company estimated the attack cost it £42m. Since then it said it has “substantially” increased its investment in
cyber security, and has appointed a chief information security officer. not giving a shit about security, customer service, and has managed to be hacked almost quarterly every year since, yet still somehow has customers.
Fixed that for you!
I think blaming the PR team might be a little unfair; their role is to try to make the best of a bad job.
C suite occupants are fair game, though; they created the "bad job" in the first place.
I find myself wondering what the TalkTalk Data Controller has said about the security of customer data; he/she has a statutory responsibility for its protection even if the responsibility doesn't extend as far as ensuring effective cybersecurity.
"Hardest job in the world, that, the old Data Security Officer game... "
Name on the ICO register as the ISO and everything. My fatal mistake was to take the time (my own time, naturally) to read up on the responsibilities I had in law, and then to make reasonable efforts to keep $employer on the straight and narrow. Talk about "How to lose friends and influence people"... when I pointed out that handing customer PII to an offshore (non-DPD compliant) territory was really not allowed, it was pointed out to me that, well, that's interesting, now haven't you got some flashing lights to go stare at? And they carried on regardless. They were probably right, really, the odds of getting caught were zero, and the odds of getting any serious bother if something bad happened at it blew up were low enough when amortised across the five centuries they reckoned it'd take for the bad thing to happen were also so low as to make anything more than token lip service and auditor-friendly box-ticking the order of the day.
Why bother asking them for a response - Here's the standard corporate PR blurb for these matters:
[InsertCompanyName] takes its customers' security seriously and takes all reasonable precautions to ensure the safety of customer data and internal audit has been initiated to establish the severity of any data breach. We cannot comment further until this investigation is completed / the press have lost interest.
On a different note, it occurs to me that any organization publicly advertising for a CIO in charge of cyber security may well be inviting themselves to be hacked. - It's a bit like telling the guy at PCWorld you know nothing about computers and showing him a wallet full of £50 notes.
"We do not recognise these comments. Our biggest security priority has always been protecting our customers"
I wonder what their actual biggest or highest priority is, because I assume it's making money. At this point I will give TalkTalk a plus star (1 out of 10) for saying biggest security priority and not lying by saying it was their biggest priority.
If this attack only cost them 42 million, then they haven't done a good enough job of ensuring this doesn't happen again.
It costs a lot more than 42m for a company like this to investigate the entire network, hire more InfoSec professionals, ensure the systems are clean, purchase more InfoSec equipment, create policies, audit policies, update legacy systems, hire more employees to tackle customer relations and damage control, not to mention loss of subscriptions, etc.
Total cost should be around 200-400 million, not 42.
Either we aren't being told the truth, or they're still too ignorant about information security.
TalkTalk – the Salford-based telco which has more than four million broadband customers – has been ticked off by the UK's Advertising Standards Authority (ASA) following nine separate complaints about misleading ads.
The initial objections centre on two ads – on TV and via email - that ran early in 2020 which talked about a 24-month broadband offer that was "fixed until 2022" or promised "no mid-contract rises."
The ASA intervened when the complainants reported that the price of their broadband packages was to "increase during the fixed contract period" despite the assurances made in the ad.
Baroness Dido "Queen of Carnage" Harding, former TalkTalk CEO and current head of NHS Test and Trace, is reportedly eyeing the top job at NHS England.
According to The Times, the exec has expressed an interest to various leaders in the healthcare sector. If selected, she would replace Sir Simon Stevens, who has served as CEO of the NHS in England since 2014 and leaves in July.
Speaking on BBC Radio 4's Woman's Hour this morning, Harding acknowledged she was considering applying for the job, but said she had not made a formal application yet.
The UK's favourite* telecoms outfit, TalkTalk, has continued its impressive track record of delighting customers with a forced upgrade of legacy OneTel.com users to the shiny new TalkTalk Mail.
"We'll be upgrading your email in a few days," the company breathlessly told Register reader Martin Parker, skipping over the fact that his legacy account would actually be toast by the following day.
TalkTalk has form when it comes to this sort of thing. Last year the company warned holders of legacy Tiscali emails accounts to expect to start paying the company some money or face the prospect of shuttered mailboxes.
There is an early Christmas present for customers of TalkTalk Business as the company prepares to swing the axe on a legacy email service.
Users of talktalkbusiness.net have received notification that TalkTalk intends to shut down email services for the domain. As of 4 January 2021, email addresses for the domain will simply cease to exist.
It's all very on point for 2020.
TalkTalk has agreed to a £1.1bn takeover from Toscafund, its second-largest existing shareholder after company founder Sir Charles Dunstone and private equity fund Penta Capital.
The terms of the deal are unchanged from the original bid, valuing each share at 97p. This represents a 16.4 per cent premium on the pre-offer closing price of 83.3p in October, but still a slight discount on the 52-week high of 124.84p.
Shareholders unwilling to take the cash buyout will be able to exchange their stake for shares in the acquired company, which will not be listed on any exchanges.
TalkTalk Business customers (at least those using the talktalkbusiness.net email domain) opened the second door of their advent calendars this morning and were rewarded with... an extension to the switch-off date.
Originally scheduled for culling on 4 January 2021, the legacy email domain servers on the receiving end of @talktalkbusiness.net missives have been given a stay of execution to 31 January 2021, according to the company.
After our earlier story on the matter, a spokesperson got in touch to pass on the good news: "The phasing out of this legacy email domain is part of a long term strategy and will apply to a very small number of our existing customers. However, we completely understand that Christmas is a busy time for businesses and have extended the deadline for these changes to January 31st 2021. Any customers requiring further assistance are invited to contact a member of the TalkTalk customer service team via our dedicated helpline."
UK telco TalkTalk has asked regulators for an extension on its takeover negotiations as it mulls a £1.1bn offer from Toscafund Asset Management.
News of the acquisition offer broke early last month, and TalkTalk had a deadline of 5 November to either accept or reject the proposal. Following the approval of the Panel on Takeovers and Mergers, that deadline was today extended to 3 December. Any further extensions will require the panel's consent.
A source with information on the deal said extensions of this type are "pretty common", adding that the 28-day deadline was an improbably short amount of time to conclude a takeover arrangement given the ongoing disruption caused by the coronavirus pandemic.
Second-hand tat bazaar eBay was unavailable for some UK users this week, after Virgin Media and TalkTalk mistakenly blacklisted the site’s CDN in their parental control filtering software.
The error was spotted by UK digital civil liberties watchdog, The Open Rights Group, which estimated the problem affected between 20 and 30 per cent of Virgin Media and TalkTalk customers, and lasted at least three days.
UK ISP TalkTalk has confirmed it is considering a takeover offer from Toscafund Asset Management that values the broadband and TV provider at £1.1bn.
Toscafund Asset Management, which already owns 30.5 per cent of TalkTalk, is aiming to pay 97 pence per share. That's a premium of 13.5 pence on the previous day's closing price of 83.5, but still short of the 135 pence-per-share reportedly offered last year.
News of the purchase sent TalkTalk's share price surging. At the time of writing, it is trading at 97.7 pence – slightly higher than the offer made by Toscafund.
What do TalkTalk, Three, and Virgin Media all have in common? They've each won a gong for sating the lowest proportion of customers in broadband, mobile, and landline services respectively.
So says UK comms regulator Ofcom in its fourth annual customer service report [PDF], which looked at how each of the major providers shaped up in the year to January 2020 before the COVID-19 crisis began.
In general, the total level of customer satisfaction with internet access, mobile, and fixed-line services was "in line" with the prior study: complaints against telcos continued to fall, as did the proportion of engineers that missed appointments, and new line installations were more rapid than in previous years.