We are now two years on from the TalkTalk hacking scandal, and we are helping a number of individuals claim compensation as victims of the breach. In October 2015, TalkTalk was yet again subject to a data breach by hackers, when around 157,000 customers reportedly had their personal information accessed. The hack exposed some customers’ names, addresses, dates of birth, phone numbers and email addresses. For around 10% of the victims, this also reportedly included bank details, raising fears that accounts could have been accessed.
Hackers used software to illegally access information and then appeared to post details of the company’s weaknesses on the internet. It is thought that none of the personal information accessed was encrypted.
Consequences
Since the hacking – which was thought to be TalkTalk’s third data breach in a year – the telephone and broadband giant’s shares dropped significantly, the company has lost around £60 million, and apparently some 95,000 customers left the service.
The Information Commissioner’s Office (ICO) investigated how the data breach came about and TalkTalk’s role in preventing and reacting to it. Along with security experts, the ICO condemned TalkTalk’s apparent lack of security and slow response to the hack.
Since there was inadequate security and no data encryption, hackers could easily find weaknesses to attack the system. The most infuriating thing for many was that this was their third breach in a year. TalkTalk should have taken the very first breach seriously enough and implemented better security measures to protect their customers’ safety.
The lack of encryption was a key talking point as the majority would consider this to be the very first and most basic security measure.
“TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease”
Elizabeth Denham, ICO.
ICO fine
The ICO fined TalkTalk £400,000 for their lack of security measures and inadequate response to the hacking. TalkTalk risked the personal information of their four million customers by failing to uphold their legal duty under the Data Protection Act to ensure the information they held was safe and secure. Nor did the ICO take lightly the fact that this was their third data breach.
Arrests made
Four people were arrested in 2015 for the hacking.
- A 15-year-old boy in Northern Ireland
- A 16-year-old boy in West London
- A 20-year-old man from Staffordshire
- A 16-year-old boy from Norwich
The last of these suspects later admitted his part in the hacking. He pleaded guilty at Norwich Crown Court to offences committed under the Computer Misuse Act and was sentenced to 12 months in rehabilitation.
For many, this seemed like a simple slap on the wrist given the extent of the data breach. The media seemed dismayed that the offender didn’t receive a custodial sentence.
Jason du Preez, CEO of security firm Privitar, was not impressed and slammed the attack:
“These hacks are not just embarrassing to the organisations involved. They can have really serious financial and personal consequences for your users, destroying consumer trust and loyalty.”