Over the last few days, more details pertaining to the recent news that TalkTalk has suffered a data breach have been made public, but there are still many questions about exactly what was taken. In many data breach cases, details are limited by the need for the company and law enforcement agencies to ascertain the extent of the breach and to collect evidence.
With the news that a suspect has been arrested in connection to the cyber attack, I am sure more details will start to become available over the coming days.
So far, it appears the data exposed – some of which may have been encrypted – could include: names, addresses, DoBs, email addresses, phone numbers, TalkTalk account information, bank details and partial credit card details. But what could this mean practically?
Take account information, for example – is a user’s Active Choice information held within their account settings? If so, I wonder how many people would be embarrassed by people discovering they have disabled porn filters on their broadband. With this sort of personal information, could we be looking at ‘Ashley Madison 2.0′?
Looking at recent data breaches, spear phishing is a frequent method of entry – targeting individuals within a company or organization to reveal details allowing hackers access to internal systems.
This means implications for both companies and consumers. Organizations should limit employee access to sensitive information in order to limit the risk of falling victim to attacks like this. Employee education – ensuring workers are aware of the dangers – is also paramount.
My advice to consumers:
- Ensure other online accounts aren’t using the same email and password combination as stored with TalkTalk. If so, change them.
- Be wary of spammers sending emails that look like they’re coming from TalkTalk. Scrutinize these emails carefully and, if in doubt, contact TalkTalk directly to ensure it’s an official communication.
- If you are concerned that credit card details have been breached, then call your card company and have the card suspended or stopped.