Britain's telephone and broadband provider TalkTalk said that a "significant and sustained" cyberattack on their website on 21st of October could involve the theft of private data from all of the broadband supplier's more than 4 million customers. The company said on Thursday 22nd October a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit. That investigation is ongoing, but there is a chance that some of the following data has been compromised: names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details.
Dido Harding, CEO, said: "TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday’s attack."
Update: TalkTalk said on Friday it had received a ransom demand from an unidentified party claiming responsibility for the cyber attack.
"We have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker," TalkTalk CEO Dido Harding told the BBC, without giving details.
Jens Monrad, a Copenhagen-based security expert for U.S. cyber defense firm FireEye, also told Reuters that samples of financial data which appeared to come from TalkTalk customers had been spotted for sale in cybercriminal forums on the so-called dark web.
A TalkTalk spokeswoman declined to comment, citing the ongoing police investigation.
The group has suffered security breaches before, including in August when servers owned by Carphone Warehouse, the retailer which founded TalkTalk, were attacked, potentially affecting TalkTalk's mobile customers.