An angry TalkTalk customer said the firm should have improved security long ago, as the latest cyber attack on the company may have led to the release of customer data.
The massive hack saw the theft of up to four million customers’ personal details including names, addresses, email addresses, telephone numbers, card and bank details.
And now police in Northern Ireland have confirmed the arrest of a 15-year-old boy in connection with the cyber attack.
The company claims the stolen data is ‘not enough to access customers’ bank accounts’.
But customer Ian Halliday, a Chesterfield-based web developer, slammed the company for not improving security and said fundamental issues were revealed after their previous attack in August.
Ian, 31, from Hady said staff-members’ attitude towards security was ‘ridiculous’.
He added: “I called them up at the time on behalf of my boss who had had his email hacked. They said point blank on the phone, ‘all your details are freely visible to us in the database, even the password’.
“I told them it’s not right, I wanted more security, and there was this attitude of ‘well that’s the way it is, take it or leave it’.”
So when this latest attack took place he said it came as no surprise.
“What annoys me is that they haven’t done anything since the last attack. Last time they said it was a vulnerability on their website, and it’s exactly the same problem again.
“I’ve been spitting bricks. I’ll certainly not be renewing with them,” he said.
CEO Dido Harding said TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime.
TalkTalk spokesperson Blair Bishop said: “Cyber criminals develop new techniques all the time, so staying ahead of them is a full time job. We constantly run vulnerability checks. The vulnerability exploited by the hackers was not picked up by this testing. If it had been, we would clearly have acted on that information straight away to secure our system.”
The Metropolitan Police investigation has so far confirmed the company did not store complete credit card details, so there is little immediate damage hackers can do with bank details alone. But customers are warned that ID thieves can use your details to impersonate your bank to try and get you to reveal your password.
TalkTalk added that customers should sign up for an offer of 12 months free credit reporting with Noddle using code TT231, and said it would be ‘prudent’ for customers to change all online passwords.
Report any suspicious account activity to your bank and Action Fraud on 0300 123 2040.
Have you been hit by fraudsters since the hack? Get in touch at firstname.lastname@example.org