TalkTalk customer details, including addresses and bank details, have been posted online by a group of hackers that appear to be linked to Islamic extremists. The data dump, posted online early Friday (23 October) morning, is accompanied by the message "Jihad from us is coming".
A TalkTalk spokesperson told IBTimes UK the company was aware of the data dump and police were investigating, but the firm did not confirm if the details were those of its customers. Several of the email addresses in the dump contacted by IBTimes UK confirmed they either were currently TalkTalk customers or had been at some stage in the past.
One victim of the dump said he had signed up to TalkTalk around two months ago, but had cancelled the service within 14 days. The company had not contacted him with regards to the cyberattack, or the customer list posted online.
'We are in Europe, we control America'
The data dump, titled "Message from TalkTalk Hackers", included phone numbers, home addresses, email addresses, TalkTalk account numbers and bank details. Bank account details included sort codes, but account numbers were removed.
"We Have adapted To The Security measures Of The Web," a message accompanying the data dump said. "We Cannot Be Stopped. We Have Made Our Tracks Untraceable Through Onion Routing, Encrypted Chat Messages, Private Key Emails, Hacked Servers. We Will Teach our Children To Use The Web For Allah.. Your Hands Will Be Covered In Blood.. Judgement Day Is Soon.
"Our One Childrens Name Is Mohammed. Your Women Are being Taken Over By Us. Your Children are being Killed By Us For Being S**t On Earth. WE Are In The Soviet Russia And Near Place, Your Europe, WE control Asia, We Control AMERICA. Prepare, Secure Your Websites, Secure Your Borders, Secure Your Country, But Jihad From Us Is Coming."
According to TalkTalk's official statement on the matter, "there is a chance" that customers' personal information has been compromised, including names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and bank details. It has not been revealed when customers can expect to be informed by the company of whether they have been personally affected, if at all.
A 'wake-up call'
Cybersecurity experts have criticised TalkTalk for the firm's lack of preparedness for such attacks. Richard Parris, CEO of digital identity expert Intercede, said the cyberattack should be a "wake-up call" for all companies serving consumers and storing their personal data.
"It really is time that these major businesses gave the issue the attention it deserves – they need to stop relying on simple password-based authentication and to start applying enterprise-grade solutions," Parris said. "Protecting customers' private data should be a top priority for any organisation. Failure to demonstrate that adequate safeguards are in place will inevitably result in customers, and revenues, disappearing."
The TalkTalk spokesperson told IBTimes UK the company had first noticed "unusual activity" on its website on 21 October, which led to the launch of a criminal investigation. When asked what TalkTalk planned to do to prevent future attacks, considering that this was the third attack on the firm to take place this year, the spokesperson said that each cyberattack was different and they would be working with cybersecurity experts to better secure its site and computer systems.
In a statement released to the media, TalkTalk CEO Dido Harding said: "TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday's attack."
UPDATE: A statement from Detective Superintendent Jayne Snellgrove of the Cyber Crime Unit said there have so far been no arrests and that enquiries are ongoing.
"TalkTalk have done everything right in bring this matter to our attention as soon as possible," she said. "The Met has one of the largest cyber crime and fraud teams in Europe, with up to 500 specialist officers dedicated to tackling this sort of offence. Our success relies on businesses being open with us and each other about the threats they encounter.
"This case is just one example of the new generation of criminality my team are dedicated to tackling. We continue to lead on this investigation but are working with the National Crime Agency (NCA). Operation Falcon sees a more focused and joined-up approach by the MPS, the business industry and other law enforcement agencies to ensure that we quickly identify the issue - in this case alleged data fraud - and immediately set about working to protect the public, designing out the crime and arresting the culprits."