TalkTalk receives massive fine for 2015 data breach

Posted by Tom Blandford in Identity Theft on 10 October 2016 - Tom is a Credit Analyst at checkmyfile

It would have been hard to miss TalkTalk’s massive data breach last year following a cyber-attack by two teenagers. The information of 156,959 customers, including their names, dates of birth, where they lived and contact details, was obtained by the hackers, and in the case of 15,656 customers this included bank account information.

Following the investigation, the ICO concluded that the hack could have been avoided because the hackers used known vulnerabilities and TalkTalk was using out-of-date software.

The hackers targeted infrastructure that was transferred to TalkTalk following its purchase of Tiscali’s UK business in 2009 and there were a number of vulnerabilities in the webpages obtained as part of the acquisition. Once purchased, the ICO found TalkTalk failed to check the inherited information for weaknesses the hackers could exploit. The regulator also concluded that the risks could have been quite easily mitigated by obtaining known fixes or updating software.

Speaking of the matter, Information Commissioner Elizabeth Denham said, “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.

“Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

When targeting the database acquired from Tiscali, the hackers used a known technique called SQL injection. Since it is so well known, the ICO states TalkTalk should have been able to implement defences and also should have been aware of the risk of a hacker using SQL injections.

In fact, if TalkTalk had been more proactive to protect its customers’ data, the internet provider would have been prepared for the massive data breach following two previous SQL injection attacks in July and September this year.

Although the investigation was limited to how TalkTalk complied with the Data Protection Act, it concluded that TalkTalk failed to protect its customers’ data by having insufficient security in place, which is a breach of principle 7 of the Act.

Ms Denham went on to state, “In spite of its expertise and resources, when it came to the basic principles of cyber-security, TalkTalk was found wanting.

“Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue. Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers.”
