Talk Talk, a UK telecoms company that specialises in mobile phone services to the consumer market, reported last night that its website had been hit by a major cyber attack. Further statements indicate that whilst it was initially thought to be a Distributed Denial of Service attack on their website - the tool of choice for many hacking groups - the actual target may have been the main customer database. As a result Talk Talk have warned that customer data may have been accessed, including account information and credit card details.
In a follow-up interview with the BBC today Talk Talk CEO Dido Harding stated that a criminal investigation had been opened by the Met Police Cyber-crimes Unit. Although she wouldn't be drawn on speculating about the identity of the perpetrators, Harding did also verify that "[Talk Talk] have been contacted by an individual or group purporting to be the hacker... looking for money".
This is just the latest in a series of targeted attacks against international businesses in which, rather than selling information on the so-called dark web, the attackers ransom confidential information for a more lucrative pay-day. Payment in Bitcoins, the difficult-to-trace alternative currency, is typically demanded, or else the collected information as a whole is posted to a throwaway Pastebin page or distributed on torrent networks.
Earlier this week UK tech etailers Aria PC Technology, SCAN Computers, NOVATECH and CCL were also hit with a DDoS attack that took down their businesses for a time. Aria, in response to a blackmail demand by a hacking group, fought back by posting their own £15,000 bounty for the individual or group responsible.
The ongoing attacks highlight the need not only for high-end web security when dealing with customer data - especially personal and credit card data - but also the critical importance of robust encryption for those databases in the event of a breach.
SOURCE: BBC.com, ChannelWeb.co.uk