The investigations by TalkTalk and the Metropolitan Police Cyber Crime Unit into the cyber attack continue, and the British broadband provider on Sunday provided an update on the incident. First of all, TalkTalk said it had hired defense company BAE Systems to investigate the cyber attack that may have led to the theft of personal data from its more than 4 million customers.
The company added that the cyber attack was on their website not their core systems. They said that they did not store complete credit card details on the website; any credit card details that may have been accessed had a series of numbers hidden and therefore are not usable for financial transactions eg 012345xxxxxx 6789. TalkTalk My Account passwords have not been accessed.
"We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account," the copmpany added.
TalkTalk said on Friday it had received a ransom demand from an unidentified party for the attack, which has led to calls for greater regulation of how companies and public bodies manage personal data.
Britain's Information Commissioner watchdog, which can impose fines of up to 500,000 pounds ($765,600), has said it is looking into the incident but security experts said the prevalence of cyber crime showed more needed to be done.
All TalkTalk customers should:
- Sign up to your free credit reporting service using this code: TT231. The company has partnered with Noddle, one of the leading credit reference agencies, to offer 12 months of credit monitoring alerts for all TalkTalk customers. To sign up for Noddle and get your free credit monitoring alerts follow these steps.
- While TalkTalk My Account passwords have not been accessed, it would be prudent to change your TalkTalk password once this service is back up and running, and any other accounts that use the same password.
- TalkTalk added that it would NEVER call customers and ask them to provide personal details or passwords.