A hack on the TalkTalk website affecting up to four million customers may have been carried out by Islamic extremists, a former Scotland Yard cybercrime detective has claimed.
Messages posted online last night by someone claiming to represent “the TalkTalk hackers” said the cyberattack was carried out by a Russia-based jihadist group, and warned of more to come.
The message was posted to the Pastebin and claimed to include a sample of customers’ personal details, including email addresses and records of transactions.
It first emerged shortly after midnight, at least two hours after news of the TalkTalk hack first broke – prompting some to express scepticism about the unverified claims.
But speaking to the BBC’s Today programme, ex-Metropolitan Police cybercrime expert Adrian Culley said the attack had become an issue of “national security”.
He said: “Very late last night a hacking group posted some information on to Pastebin claiming responsibility for this attack, claiming to be an Islamic jihadi group from Russia.
“They make some unpleasant statements which I won’t repeat on the Today programme, and it appears at face value to be related to Islamic cyberterrorism.
“TalkTalk has millions of customers but it is also part of the country’s critical national infrastructure, this is a matter of national security.”
Others have expressed doubts about the “jihadist” claim of responsibility. The details included in the Pastebin message, including how the attack was carried out, are far from comprehensive.
Also speaking on Today, cyber-security expert Professor Peter Sommer said terror claims had become “par for the course” in the wake of such hacks. He said an attempt to extort money from the company or access customers’ bank account details were more likely explanations.
Dido Harding, the company’s chief executive, has apologised to customers who may have had personal data including bank details stolen in the “significant and sustained” attack.
She said customers were being urged to keep a close eye on all their accounts and report any irregularities immediately.
Ms Harding didn’t say who was behind the attack. Defending the company’s decision to reveal the security breach on Thursday night – despite it taking place on Wednesday morning – she said: “I can't even tell you today exactly how many customers have been affected. We have tried to come public as fast as we can once we have got a reasonable idea of what potential data has been lost.”
It is the third hack on the TalkTalk website since February, but Ms Harding said the three incidents were “completely unrelated”.t