TalkTalk hack data was unencrypted, company says, leaving it open to hackers despite repeated cyber attacks

The hack is the third major cyber attack on the company this year, with customers' information once again apparently being stolen

TalkTalk chief executive Dido Harding

The customer data that was stolen in the huge TalkTalk hack was left unencrypted, according to the company, meaning that the information will now be easy for anyone who finds it to read.

The site has been hacked twice already this year, but had apparently left its customers’ data exposed for everyone to see by leaving it unencrypted. Encryption is one of the most basic security methods recommended to companies: only those with a key can actually read the documents, so stealing them can be useless.

The firm has announced that millions of people have had their credit card and bank details stolen during what it said was a “significant and sustained cyber attack”.

“Not all of the data was encrypted,” the company said in an FAQ on its website. “We constantly review and update our systems to make sure they are as secure as possible.

“We're working with the police and cyber security experts to understand what happened and protect as best we can against similar attacks in future.”

The attack is the third to hit the company this year. Each of them saw customers’ personal data breached and then apparently sold on to criminals, who used the easy access to attempt to scam those on the list.

In August the company revealed its mobile sales site was hit by a "sophisticated and co-ordinated cyber attack" in which personal data was breached by criminals.

And in February TalkTalk customers were warned about scammers who managed to steal thousands of account numbers and names from the company's computers.

One security expert said the latest breach could have "serious" consequences for TalkTalk's customers and "destroy" trust in the phone and broadband provider.

Jason du Preez, chief executive of data privacy company Privitar, said: "These hacks are not just embarrassing to the organisations involved. They can have really serious financial and personal consequences for your users, destroying consumer trust and loyalty."

The company itself tried to set the hack in the context of a growing amount of cybercrime.

"Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent," wrote managing director Tristia Harrison in a letter to customers.

TalkTalk said it had contacted major banks which will monitor any suspicious activity from customers' accounts and had informed the data protection watchdog, the Information Commissioner's Office. It is also organising free credit monitoring for a year for all of its customers.

The company said any customers who notice unusual activity on their accounts should contact their bank and Action Fraud, the UK's national fraud and internet crime reporting centre.

They have also been urged to change their TalkTalk account passwords and any other accounts which use the same passwords.

Additional reporting by Press Association
