TalkTalk, one of the UK's largest broadband and phone providers, is warning its 4 million customers that important personal details may have been hacked from its website. Credit card and banking details, names and addresses and account information are all thought to be vulnerable.
TalkTalk is working with the Metropolitan Police's cyber crime unit about the major security breach, which took place on Wednesday (21 October). This is not the first time the company's data has been hacked into this year.
In a statement TalkTalk said: "We are very sorry to tell you that on Thursday 22nd October a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website on Wednesday 21st October. The investigation is ongoing, but unfortunately there is a chance that some of the following data may have been accessed:
- Addresss [sic]
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
"We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed."
The company is liaising with major banks to see if they are aware of any suspicious activity. Customers are currently unable to access their account information on the company's website. Many customers had reported problems with their broadband and webmail for 24 hours before the TalkTalk announcement.
Chief executive Dido Harding said: "We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here." Managing director Tristia Harrison said: "We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed."
The company advised its customers to keep a close eye on their accounts over the coming months. "Keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK's national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via www.actionfraud.police.uk."
Harding told BBC News that its website is now secure again and TV, broadband, mobile and phone services had not been affected by the attack. The company's sales website and the "My account" services are still down and are expected to be restored by today (23 October).
"We brought down all our websites [on Wednesday] lunchtime and have spent the last 24 hours investigating with the Met Police. It's too early to know exactly what data has been attacked and what has been stolen. Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well."
Harding continued: "Unfortunately cybercrime is the crime of our generation. Can our defences be stronger? Absolutely. Can everyone company's defences be stronger? I'm a customer myself of Talk Talk, I've been a victim of this attack."
In August, the company said its mobile sales site had been targeted and personal data breached, In February, Talk Talk customers were warned about scammers who had managed to steal thousands of account numbers and names.