TalkTalk hack data was unencrypted, company says, leaving it open to hackers despite repeated cyber attacks

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

The customer data that was stolen in the huge TalkTalk hack was left unencrypted, according to the company, meaning that the information will now be easy for anyone that finds it to see.

The site has been hacked twice already this year, but had apparently left its customers’ data exposed for everyone to see by leaving it unencrypted. Encryption is one of the most basic security methods recommended to companies, since it means that only those with a key can actually see the documents so stealing them can be useless.

The firm has announced that millions of people have had their credit card and bank details stolen during what it said was a “significant and sustained cyber attack”.

"Not all of the data was encrypted,” the company said in an FAQ on its website. “We constantly review and update our systems to make sure they are as secure as possible.

“We're working with the police and cyber security experts to understand what happened and protect as best we can against similar attacks in future."

The attack is the third to hit the company this year. Each of them saw customers’ personal data breached and then apparently sold on to criminals, who used the easy access to attempt to scam those on the list.

In August the company revealed its mobile sales site was hit by a "sophisticated and co-ordinated cyber attack" in which personal data was breached by criminals.

And in February TalkTalk customers were warned about scammers who managed to steal thousands of account numbers and names from the company's computers.

One security expert said the latest breach could have "serious" consequences for TalkTalk's customers and "destroy" trust in phone and broadband provider.

Jason du Preez, chief executive of data privacy company Privitar, said: "These hacks are not just embarrassing to the organisations involved. They can have really serious financial and personal consequences for your users, destroying consumer trust and loyalty."

The company itself tried to the set the hack in the context of a growing amount of cybercrime.

"Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent," wrote managing director Tristia Harrison in a letter to customers.

TalkTalk said it had contacted major banks which will monitor any suspicious activity from customers' accounts and had informed the data protection watchdog, the Information Commissioner's Office. It is also organising free credit monitoring for a year for all of its customers.

The company said any customers who notice unusual activity on their accounts should contact their bank and Action Fraud, the UK's national fraud and internet crime reporting centre.

They have also been urged to change their TalkTalk account passwords and any other accounts which use the same passwords.

Additional reporting by Press Association