Personal data on four million customers, potentially including bank details, was stolen from UK telecoms group TalkTalk in an “significant and sustained” attack by hackers last week, the company said. TalkTalk CEO, Dido Harding, insisted that the firm’s cybersecurity was “head and shoulders above” that of its competitors, but TalkTalk was unable to confirm how much of the information was encrypted in the first place. A 15-year-old teenager from Northern Ireland was arrested, and subsequently bailed, in connection with the attack.
What the commentators said
This was not the first time that TalkTalk has been targeted, noted Jonathan Ford in the FT. “Two earlier break-ins in the past year have already tarnished its reputation for keeping data safe.” And the latest one comes at a time of broader doubts about the firm’s strategy, with its market share of more lucrative retail broadband customers shrinking.
Now this latest security breach “could well leave an indelible stain” on the company’s reputation, said Stephan Shakespeare in City AM. TalkTalk has already decided to pull its advertisements from the X-Factor to cut public exposure for a while, but this “shift in marketing will not erase consumers’ fears”. Yet it’s not only TalkTalk that needs to learn hard lessons from this incident. Data breaches of this kind are increasingly common. They can continue to damage a company’s brand “long after a hacker has been caught and prosecuted”.
As cybercrime is becoming increasingly common, firms need to reassess their security measures. “If you can’t secure your customers’ data, you will find it difficult to secure their trust.”
Originally published in MoneyWeek 30/10/2015: http://moneyweek.com/talktalk-hit-by-a-cyberattack/