back to article TalkTalk incident management: A timeline

Contradictory statements issued by TalkTalk regarding the third data breach the company has experienced this year have provided inadequate information to the telco's customers about their data, while effectively insulating the company from questions regarding its security practices with insubstantive, and at times incoherent, PR …

  1. Anonymous Coward
    Anonymous Coward

    Let me fix that headline for you:

    "Talktalk incident mismanagement: A timeline"

    1. Ben Boyle

      TalkTalk, soon to be rebranded "Fuck. Fuuuuuuck!"

      1. Alan Brown Silver badge

        Or more politely: Bork Bork

        Here's a clip of Dido in the kitchen: https://www.youtube.com/watch?v=AvDvTnTGjgQ (complete with the end results of all their efforts in spin at 2:54)

  2. monty75
    FAIL

    D'oh the irony!

    Currently on TalkTalk's homepage is this AOL article:

    "Protect yourself from phone scams

    Hackers could not access enough information to take cash from bank accounts. Don't get tricked into giving your details over the telephone"

  3. Len Goddard

    Never

    Another company on my list of those with whom I will never do business.

    1. Roq D. Kasba

      Re: Never

      I find it harder and harder to remember who's on my shit-list, it gets so crowded. I think I'm still friends with Waitrose, but who can tell for sure?!

      1. VinceH

        Re: Never

        Yeah, same boat. I think I may have to start making my list a real thing, rather than keeping it my head. I'm getting too old for all this remembering shit.

      2. TheRealRoland
        Joke

        Re: Never

        >I find it harder and harder to remember who's on my shit-list, it gets so crowded.

        >I think I'm still friends with Waitrose, but who can tell for sure?!

        I can help you with that, it will take just one moment to access your information from my system... Hm, that is strange? For verification purposes only, can I get your full name, mother's maiden name, etc. ?

        ;-)

  4. James Cullingham

    Have I understood correctly?

    So, if you can prove that you have actually been robbed as a result of their possible negligence, then by way of compensation they won't charge you for switching to a potentially more responsible provider.

    Wow, that's really generous.

    1. Anonymous Coward
      Anonymous Coward

      Re: Have I understood correctly?

      Have an Upvote

      Robbed if you do, robbed if you don't.

    2. sandman

      Re: Have I understood correctly?

      "A potentially more responsible provider." If you can find one! How would you know?

      1. TheOtherHobbes

        Re: Have I understood correctly?

        They're not TalkTalk.

        I know the bar isn't high. If it was any lower it would be Satan's own limbo disco.

        But still.

      2. Stuart 22

        Re: Have I understood correctly?

        A potentially more responsible provider." If you can find one! How would you know?"

        History, my dear boy. Not a guarantee but a jolly good indicator.

        I could name four ISPs (two in the value market and two in the premium market) who I would recommend to anybody. They have delivered consistent high quality connections. More importantly they have intelligent teams who have coped with incidents. Quality support is an expensive luxury until you need it. TalkTalk's expertise is (sorry WAS) talking you out of thinking you need it.

        1. chris 17 Silver badge

          Re: Have I understood correctly?

          @ Stuart 22

          umm go on then, name them ISP's.

      3. Dan 55 Silver badge

        Re: Have I understood correctly?

        Out of the usual suspects, only Virgin said something for the security metric that suggested that they take some care over your personal data.

        http://arstechnica.co.uk/business/2015/05/ars-technica-the-uk-safest-isp/

        Or you can try a website like this one...

        http://www.ispreview.co.uk/

        1. I. Aproveofitspendingonspecificprojects

          Re: Have I understood correctly?

          The UK has a dead dog in this fight. They [GCHQ] are worse than the US."

          For Internet surfers in the UK, the most significant surveillance program revealed by the leaks is Tempora. According to documents leaked to The Guardian, Tempora is a GCHQ program that intercepts data on many of the Internet’s fibre-optic backbone connections, both in the UK and globally. The extent of Tempora is unknown, but Snowden’s leaks contained a claim from the UK that GCHQ scoops up even more metadata than the NSA.

          None of the GCHQs laudible systems aims served to prevent anything most of us would like to have seen prevented since before the USA was taken over by the chimp

    3. Alan Brown Silver badge

      Re: Have I understood correctly?

      Then you can take them to court and claim it all back, plus distress claims. (FTFY)

      Of course they don't want to admit that their liabilities are somewhere north of ££millions.

    4. Anonymous Coward
      Anonymous Coward

      Re: Have I understood correctly?

      As a TalkTalk customer I should have been notified by secure means ie not a web announcement nor email, of 9 facets dealing with this incident as laid down in EU reg 611/2013., I'm still waiting

      This Law says:

      The notification to the subscriber or individual shall be made without undue delay after the detection of the personal data breach, as set out in the third subparagraph of Article 2(2).

  5. lansalot

    it's a shame that "I have no faith left in you, you incompetents" isn't considered a valid enough reason to leave.

    1. Dan 55 Silver badge

      It is if you take into account the Supply of Goods and Services Act and are willing to have it out with them. Service must be carried out with reasonable care and skill. Service must be of satisfactory quality and fit for purpose.

      Their T&Cs are like an EULA, you've still got your consumer rights.

  6. Anonymous Coward
    Anonymous Coward

    christ

    If they get away with this farce I'm just going to give up, there's going to be no point if Visa and Mastercard don't punish them to bother trying to get PCI implemented as every board member will go "well TalkTalk got away with a slap on the wrist why should we bother" and as to data protection I can imagine anyone wanting to have security enforced will be laughed out of the building.

    They can't be allowed to get away with this.

    1. Dan 55 Silver badge

      Re: christ

      There is also the ICO which now appears to be saying that encryption is just one thing TalkTalk could have done. Amazing what happens when the boss knows the right people.

      1. Adam 52 Silver badge

        Re: christ

        He's right. They could have complety air gapped their systems and kept everything on paper in a secure vault with armed guards.

        But they didn't. So they're still in trouble because their measures clearly weren't "adequate".

        Not that they're any different to thousands of others (including healthcare providers and banks).

    2. Peter X

      Re: christ

      Not wishing to detract from beating up TalkTalk, but since people here might have an answer, I have a question...

      Q. Why don't credit-card companies tell providers NOT to store card details ever, and instead, issue them a token on receipt of a valid card number? E.g.

      Customer (unwisely) decides to sign up with TalkTalk. Enters their contact details and card number on the TT website and agree to (say) a sign up fee of £X and recurring debits of ~£Y based on call-usage etc.

      For £X, since it's a one-off, TT don't need to store a card number. For ~£Y they do currently because they need to debit the customer (usually) once a month. So instead the card company supplies a token (like a disposable card number) but this one is constrained such that ONLY TT can use it... so even if it leaks, it's useless. And it could be further constrained by number of debits per month, or limited value ranges.

      I've wondered this for years... basically whenever a leak ends up in the news. It's an obvious solution, so I'm guessing there's a good reason it's not implemented?

      1. Simon Rockman

        Re: christ

        This is exactly how services like Stripe and Braintree work.

  7. Anonymous Coward
    Anonymous Coward

    They have left an open door for the competition

    "We respect our customers privacy and encrypt all financial data. Leave TalkTalk and sign up with us and we will pay your termination fees."

    That no one is making such statements makes you wonder just how secure they are.

    I know plusnet store passwords either as plain text or using easily reversible encryption, their support people can tell you what your password is.

    1. Anonymous Coward
      Anonymous Coward

      Re: They have left an open door for the competition

      > That no one is making such statements makes you wonder just how secure they are.

      FYI EE are currently offering to pay termination fees up to £100. They haven't made a statement such as that quoted though :-(

    2. Kubla Cant

      Re: They have left an open door for the competition

      I know plusnet store passwords either as plain text or using easily reversible encryption, their support people can tell you what your password is.

      BT too.

      1. Dabooka

        Re: They have left an open door for the competition

        Sorry, password for what? Your login or your (supplied) router?

        Just to be clear....

        1. Anonymous Coward
          Anonymous Coward

          Re: They have left an open door for the competition

          Account login used on the modem, ISP supplied email etc... not the supplied router admin password or WiFi passphrase.

          Their justification for it is that it makes things easier when customers call support.

          Those passwords aren't normally used for much so poor security on them isn't much of an issue directly. What is more worrying is the underlying attitude that it's ok to compromise security if it makes life easier.

          Not to mention the obvious issue that people frequently re-use passwords

      2. Alan Brown Silver badge

        Re: They have left an open door for the competition

        Given that PLusnet and BT are the same company, the fact that they use deficient procedures is hardly surprising.

        The fact of any outfit keeps the password in plaintext is a good reason to avoid them, even if you never use their supplied email setup (you many not use it, but someone else might well decide to use it to impersonate you.)

      3. MrXavia

        Re: They have left an open door for the competition

        @Kubla Cant

        Interesting, when I've talked to them in the past they 'reset' the password to default for me, which is always the same, but as long as you change it (which should be mandatory but I think is not) they don't have access to it (well they don't seem to)

    3. Mike Somers

      Re: They have left an open door for the competition

      Aren't Plusnet and TalkTalk the same company?

  8. Anonymous Coward
    Anonymous Coward

    Talk is cheap

    Seem Talk Talk's security regime is even cheaper...

  9. Version 1.0 Silver badge

    Standard Operating Proceedure

    How is this different from any other large corporation? Customers are chickens, waiting to be plucked and consumed - that is how the world works these days.

  10. Jim McCafferty

    ' OR 1=1.

    Just checking.

    1. omnicent

      missed OR 1=' at the end...

      Just fixing.

  11. Grubby

    Surely not

    A company is allowed to lose your data to people who intend to use it to commit crime which may financially impact you and you have to pay to make any changes to the data (like change bank etc)? And this is legal?!

    Has anyone checked to see if any of the senior management at TalkTalk bought shares in Noddle in the past few weeks? The value of that company will be rocketing at the minute and TalkTalk have effectively created a revenue stream.

    1. Alan Brown Silver badge

      Re: Surely not

      " And this is legal?!"

      No, and you have plenty of rights to sue them.

      The DPA explicitly allows private action in the case of a data breach and a recent Court of Appeal decision upheld "distress" claims, meaning you can go for far more than just any actual monetary loss.

  12. phil dude
    IT Angle

    liability....and how about some company control?

    I have mentioned it before, but perhaps statutory liability should be attached for holding personal information?

    The obsession of knowing *everything* about you is never for *your* benefit. If the cheque clears, why do they care?

    It may turn out that they can "provide a better service" by knowing every last thing about you.

    One wonders if the only way some companies get so large is not by being good, but by being less worse than the competition?

    Note the icon...nothing to see here!

    P.

    1. Dan 55 Silver badge

      Re: liability....and how about some company control?

      The reason why StalkStalk does care beyond the cheque clearing is that their business model includes selling your data on to third parties.

    2. MrXavia

      Re: liability....and how about some company control?

      I never got why companies hold so much information on us...

      I have a small business... The amount of information I keep on customers is minimal, only what I need to actually perform the service for them.

      And actually storing bank details in a way that can be accessed over the internet??? are they mad?

      Surely you have a one-way internal API call for that data, actual credit card data stored encrypted in that system and ONLY the payment processor should have access to the private key to decrypt?

  13. Anonymous Coward
    Anonymous Coward

    If anyone thinking to join TalkTalk, dont. There is no legal obligation to encrypt data, but as the past has shown, there is a moral obligation. Because things like this will continue to happen and unencrypted data is a gold mine. I hope ICO nails them with a massive fine. And if you are on TalkTalk, keep all of this in mind when renewing your contract.

    1. Richard Wharram

      Encryption

      Encryption might not have made any difference. If they just used SQL to query the data out of the database then it doesn't matter if it was encrypted at rest or if the channels the data travelled over were encrypted.

      Allowing SQL injection usually means you developed your website in an old framework that didn't block it by default (like classic ASP or early versions of RoR) or that your devs over-rode the defaults to make their code easier. Also that you didn't run any number of automated pen-test tools against the site. Or that you ignored the results if you did.

      1. Anonymous Coward
        Anonymous Coward

        Re: Encryption

        That is only true if talking about TDE (transparent data encryption). Which is only good for people that miss-place their servers/storage, or cant be bothered to destroy the drives with the sensitive data on it when finished with them.

        If the data was encrypted at the application level then sql injection wouldn't work, it would need to be an application level exploit to get the data. If the data wasn't accessible by the web service (as it shouldnt be) and only tokenised and masked data then no data would have been available apart form the partial masked data needed for any comparisons in sql queries.

  14. Stefan_Minkey

    Don't these guys have their technical teams based in the Philippines? More off shoring = crap IT security ?

    1. Anonymous Coward
      Anonymous Coward

      the off shoring is just a symptom, the reason the IT security is crap is because they don't care about security, they also don't care about IT, it's all just a cost centre that they want to make smaller. The offshoring is just a sign that talktalk don't give two fucks about customer security or IT in general.

    2. Anonymous Coward
      Anonymous Coward

      No, we're still here in Blighty.

      The call centres are off-shore though.

  15. Stevie

    Bah!

    I imagine that after a few more days of PR, Talk-Talk's share price will be in the toilet and there won't be anyone able to pursue fleeing subscribers and assess penalties owing to there not being any money left in the petty cash secure reserve (the tea caddy in the coffee room with a "petty cash" sticker on it).

    1. macjules

      Re: Bah!

      Best place for their share price. From their track record they'll probably claim that someone hacked the Stock Exchange though to ruin their share price.

  16. macjules
    Facepalm

    Yer wot?

    "No banking details have been taken that you wouldn't already be sharing when you write a cheque or give to someone so they can pay money into your account."

    You mean, "We might have let slip your Account Name, Number, Sort code and Bank Address. Don't worry we didn't give the evil, anarchic, Islamo-fascist, Russian, chain-smoking, ex-banker terrorist* anything else, or did we?*

    * - now known to be a 15 year-old who once tried $ ssh www.talktalk.com

  17. Anonymous Coward
    Anonymous Coward

    Not good enough, Dido.

    "TalkTalk's site denies a breach of the DPA, noting 'This is a criminal attack'"

    Yes, in the same way that if someone burgles my house that's a criminal attack, but it's still my responsibility to lock the front door.

    They deserve to lose a lot of customers because of this.

  18. Bunker_Monkey

    The ability to react professionally

    is insignificant next to the ineptability of the CEO

    1. Anonymous Coward
      Anonymous Coward

      Re: The ability to react professionally

      Is ineptability a word?

      Anyhow, how can the CEO be inept when paid such a large salary? (GBP £6,842,000 (total compensation, 2014) according to https://en.wikipedia.org/wiki/Dido_Harding, though only 1,047,000 GBP according to http://www.bloomberg.com/research/stocks/people/person.asp?personId=10917296&privcapId=47128684 (linked from same Wikipedia article)).

      Any fule know we live in a meritocracy where all are paid according to their worth. I believe everything our glorious rulers tell us.

  19. Bunker_Monkey

    They should change their trading name.

    TalkTalk to HackHack

  20. Friar

    the Dotcom experience.....

    This is all entirely predictable. Talk Talk's IT is a direct descendant of the original dotcom boom and bust. I worked in a start-up then and the attitude was to deliver fast and first. Procedures and methodologies were for wusses and losers.

    The founder of Carphone Warehouse, Dunstone, was an entrepreneur who operated this way too. He saw a gap in the market and exploited it. Again speed and being first were critical, He moved his company into being an ISP when he saw the money to be made. His IT boss was told to 'make it so', despite the IT department having no previous skills or background in the field. Growth then became the supreme directive. The IT Department were instructed to ramp up customer provision as fast as they could to keep up with a huge marketing push. I attended an IT conference where a Carphone Warehouse IT Manager told the story of their move into being an ISP.

    It is no surprise at all that security played catch-up in all this. If the firm was unwilling to put money into customer service, as evidenced by customers' experience, was it ever particularly likely that they were investing in security either?

    1. Anonymous Coward
      Anonymous Coward

      Re: the Dotcom experience.....

      Procedures and methodologies were for wusses and losers.

      Welcome to "Agile" development.

      1. CastorAcer

        Re: the Dotcom experience.....

        @AC

        Hopefully you actually know Agile properly and are air-quoting "Agile" because you are referring to all the monkeys who use the term and other people's ignorance to excuse their incompetence.

        If not, may I respectfully suggest that you learn what proper Agile is because it is very disciplined indeed when practiced properly...

  21. pollyanna
    WTF?

    Remember TalkTalk CEO Office Statement Of 23 SEP 2014?

    Handily Paul Moore has it all recorded and put online at https://paul.reviews/value-security-avoid-talktalk/

    Highlights :

    TalkTalk confirmed by e-mail that :

    * The ICO audits their website EVERY WEEK, validating every single link.

    * TalkTalk claimed not to be mishandling customer data or financial information

    * They have no intention of taking action over any security problems reported by Paul

    Why is this exchange not coming back to haunt them ? ElReg? I think you should be making a much bigger deal of their documented blatant and intentional disregard of security.

  22. Evoflash

    Excellent journalism. Well done.

  23. Chris Evans

    Radio 4's bottom line!

    Evan Davis did a 'The Bottom Line' program a couple of weeks ago about what companies should do when they have a crisis like this. They covered VW's and BP's recent woes.

    I suspect Talk Talk must have listened and decided to do the opposite!

  24. Chris Evans

    False offer for "free credit reporting"

    Their misleading stance goes from bad to down right lying!

    Their email to me said: "Sign up to your free credit reporting service using this code: TT231"

    That seems the appropriate thing for them to do, to pay for a financial report for customers.

    So I duly signed up, but during signing up I was never asked for a code. I then found out that anyone can sign up for free no code is necessary. noddle.co.uk

    I also do wonder about the reports usefulness, any misuse of my financial information would probably takes weeks if not months to show up. Some people might thing it offered some protection not just tell you the horse bolted a month ago.

    I wonder if they will be able to survive this.

    1. Dabooka
      FAIL

      Re: False offer for "free credit reporting"

      So you took them up on the offer. Ah.

      Prepare for lots of spam offering PPI claims, etc

    2. Allonymous Coward

      Re: False offer for "free credit reporting"

      Noddle isn't free. Well, the very basic core service is but as soon as you want to do anything useful you end up in "in-app purchase" land. I know this because I've had an account with them for a few months.

      In fact, the TalkTalk code gets you access to "alerting", which is (only) one of Noddle's paid-for services. I signed up for it because why the heck not, I already had the Noddle account. And I'm a TalkTalk customer, at least until my contract expires.

      They don't make this information easy to find on their website because they're [incompetent|malicious] (delete one). Here's a link to it: http://help2.talktalk.co.uk/noddlealerts

      1. Chris Evans

        Re: False offer for "free credit reporting"

        Thanks for the link AC. So TT aren't quite as bad as I thought, but they are still awful.

      2. I. Aproveofitspendingonspecificprojects

        Re: False offer for "free credit reporting"

        > I'm a TalkTalk customer, at least until my contract expires.

        > They don't make this information easy to find on their website because they're [incompetent|malicious]

        You don't have to wait for expiry if they are incompetent or malicious.

  25. ravenviz Silver badge
    Coat

    Legislate visible security ratings for companies that hold personal data

    Much like houses and fridges these days have to be rated for environmental reasons, maybe an idea to have companies audited for a publicly visible security rating, so customers can make up their own mind about who to go with, based on how safe their personal details are with that company.

    icon = someone stealing from my jacket when I'm not there

    1. PaulyV

      Re: Legislate visible security ratings for companies that hold personal data

      Ah, like this:

      http://postimg.org/image/s4uwb08zx/

  26. Anonymous Coward
    Anonymous Coward

    TalkTalk is still recommending users change their passwords - but has still not resurrected the system to let them do so.

  27. Your alien overlord - fear me

    Has anyone else thought that if you get shafted it's by a Dildo. Name coincidence or what?

  28. Quotes
    Megaphone

    A TalkTalk customer says...

    6 days after the hack, I'm still waiting to be notified.

    I had a call yesterday, from someone claiming to be from TalkTalk, asking me to verify my details with them before they continued with the call. I explained I wasn’t going to do that in light of their company being hacked and advice to the contrary - ‘were they aware their company had been hacked?’ The caller then hung up on me.

    TalkTalk’s core business is supposed to be **communications**

    1. Don Dumb
      Stop

      Re: A TalkTalk customer says...

      @Quotes - This might be stating what you already know but I'm pretty sure you haven't been contacted by TalkTalk there, you're a victim of the hack. The hackers have your phone number and name from the hack and are phishing for to get whatever other info they need. Imagine there's many people working through the data contacting the gullible/naive/week to get 'missing' data.

      This is why it doesn't matter that 'not everyth bit of customer data has been taken' as once you have some, you can start targeted phishing. You know they are a talktalk customer, so can pose as talktalk and work from there. I wonder how many TalkTalk customers have been contacted by phone by "TalkTalk" in the last week, who have then lost money....

  29. KieranH
    Pint

    Jumping ship

    I'm a TalkTalk customer and my natural instinct is to move Telecoms provider, but I'm worried that if I no longer have a contract with them and the worst happens -will they actually do the right thing and compensate me. As bad as TalkTalk are, I feel that would be an even more horrendous scenario. So will they lose lots of customers -perhaps not so many as you might think, unfortunately. Beer -it helps me forget.

    1. Alan Brown Silver badge

      Re: Jumping ship

      "I'm worried that if I no longer have a contract with them and the worst happens -will they actually do the right thing and compensate me. "

      That's what small claims court is for - and given the fine plus admissions, they'd have a hard job fobbing it off.

      (My experience with Talktalk is that you can spend months arguing with them over compensation or you can just file a Small Claim and they'll settle it almost immediately.)

    2. I. Aproveofitspendingonspecificprojects

      Re: Jumping ship

      I was thinking of the jumping ship analogy for people who think they have to wait. Your best route is to talk to someone with business or legal acumen who can tell you what the prospects are. If they need to act quickly enough in a worse case scenario Talk Talk can go broke and leave you in the shit.

      I would have thought someone in a magazine like this might have offered advice already. And I don't just mean readers in the comments.

  30. Anonymous Coward
    Anonymous Coward

    contact them for info?

    online agent sh*t - sorry, chat - this morning kept giving me the SALES number to call for information about their recent possible publication of my bank account details.

  31. tyne
    FAIL

    Passwords not revealed

    TalkTalk have in one of their latest statements claimed that passwords haven't been revealed due to this hack, but they've just sent a message to their business customers saying that they have changed our account login password and that I should follow the "forgot password" link on their logon page, answer our security questions and then change the password to something known.

    This begs a couple of questions;

    a) Is the "passwords not compromised" position a lie? Otherwise why the reset process?

    b) Where the security questions in the same public facing database and therefore likely to also be compromised?

  32. Slx

    It's almost inevitable that similar hacks will keep happening though.

    We need to change the whole system of how payments operate or this is gradually going to turn into a new banking crisis.

    There's only so much fraud that can be insured against before the system starts to become too expensive to operate. I don't think the banks have done nearly enough to move towards a totally secure payment system. We shouldn't be relying on 16 digit card numbers and basically trusting retailers like this.

    This is a fiasco for Talk Talk but, it'll just keep on happening as the card numbers are just an attractive treasure trove that criminals want to get their hands on and they'll always find holes in the security or the weakest link.

  33. wisiwig

    TalkTalk Shamed

    I think we are all overlooking the real point here?

    A 15 year old went to the TalkTalk website and performed a SQL Injection attack upon it, which was successful.

    This is such a basic security flaw in a website design and protection it begger's belief!

    Perhaps TalkTalk will appraise us of their Data Protection Security Strategy which allows them to publish upon the Internet a website that does not have even the basic web attacks protected!

    The TalkTalk has shamed itself!

    The TalkTalk CEO has shamed their management with her delayed advisory, lack of security knowledge and poor public comments.

    What security personnel if any were involved in the publishing of this website to the Internet?

    What were the personnel's security expertise?

    Does the website have a written security strategy?

    If so, was the strategy applied?

    When was the strategy last reviewed?

    How much do TalkTalk spend on security?

    Remember, this is this TalkTalk's third penetration!

    Have TalkTalk Security sufficient knowledge to perform the necessary forensics on their systems following the attack?

    My experience in the security marketplace leads me to believe there was much TalkTalk about security, but little action!

    TalkTalk are just one organisation that has been exposed, I fear that many more organisations will follow.

    1. Alan Brown Silver badge

      Re: TalkTalk Shamed

      "I think we are all overlooking the real point here?"

      You're missing an even bigger one

      "A 15 year old went to the TalkTalk website and performed a SQL Injection attack upon it, which was successful."

      A 15yo went to the TT website and sucessfully performed a SQL injection attack on it _after they'd been breached twice already and should have well and truely nailed that particular barn door shut_

      This isn't just an oversight, it's culpable negligence.

      1. I. Aproveofitspendingonspecificprojects

        child shamed

        What is the legal position of a 15 year old?

  34. Anonymous Coward
    Anonymous Coward

    Trusted Government Supplier

    But TalkTalk are a Trusted Government Supplier according to the Crown Commercial Service. Surely any breach wouldn't include any public sector information, would it?

  35. DPR

    Inundated

    Woke up this morning to find 66 junk e-mails in my TalkTalk inbox whereas normally I would expect 5 max. Seems an odd coincidence and am wondering if connected to the data leak ? They were mainly mail box rejection messages (thank goodness) to a wide and random variety taken from my contacts and elsewhere.

  36. Anonymous Coward
    Anonymous Coward

    Talk Talk customer ..

    threatened to leave when talking to customer services, they said I'll have to pay anyway, so i mentioned DPA "appropriate" thing, and that I work in IT (the poor guy was confused between firewalls and databases); was told a manager who would be able to answer my questions would call today.

    It's now 5pm. Guess what .. no call ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like