TalkTalk hacking scandal: Expert reaction


Four million customers of broadband provider at risk after it was hit by second major cyber attack within the last year

Experts claim that a lot of major companies are still flying blind to cyber security risks, despite recent major hacks, including TalkTalk’s second breach within a year that has left millions of customers’ data at risk.

Good Technology VP of global sales Phil Barnett said organisations have taken a blasé approach to securing customer data, with 60 per cent of businesses claiming breaches “don’t affect them”.

“The majority of companies are still flying blind when it comes to data security, because 60 per cent still think that it doesn’t affect them,” Barnett said.

“The truth is, it’s no longer just a conversation for banks and governments; recent hacks and data breaches show that anyone and everyone is a potential victim.

“Data is a company’s biggest asset, but despite stories of data breaches constantly hitting the headlines, many companies still haven’t got to grips with how to protect their most valuable asset in this new world order of mobile devices and cloud-based access.

“This security challenge isn’t going anywhere and companies really need to address a new Monday’s in order to solve it.”

TalkTalk hack

The comments came after TalkTalk admitted every one of its four million customers could be affected by the hack, which occurred yesterday (October 22). It is the second time the firm has been attacked this year, after an email scam hit its customers in February.

CEO Dido Harding apologised to its customers and said that TalkTalk is now working with the cyber crime unit of the Metropolitan Police to establish what happened and the extent of the information taken.

ESET security specialist Mark James claimed the data that may have been taken could put customers at risk of identity theft.

“There was ‘some partial’ encryption of credit card numbers we are led to believe, but businesses need to understand that all our private data has a value, not just the direct financial stuff,” he explained.

“The majority of this haul will be used for targeted phishing attacks to gain more useable data by trying to establish a trust relationship with you by using partial true info in their attack. This is a lot more successful with even a small degree of validated information like your complete name and DOB or even home address.”

He advised TalkTalk customers to change any passwords they were using that matched the password on their TalkTalk account, and to keep a close eye on financial transactions for any suspicious activity.

James added: “Check your bank and credit card statements, make use of the obligatory credit checking service and be very wary of emails and even phone calls that could be using your stolen data from TalkTalk.

“Companies should implement proper use of cryptography, encrypting the sensitive data and hashing the passwords in a cryptographically sound way. We are forced to trust companies with our data and so often that trust is lost through no fault of our own.

“Keeping the public and those affected by this breach up to date with what they have, intend and will do about this should be a priority.”

Major hacks are rising

Imperva CTO Schulman speculated that the hack was carried out using SQL injection, the same method an expert hacker claimed was used to breach Carphone Warehouse security in August.

Schulman said it was a common theme in recent hacks, adding: “I have reviewed some of the data and my guess would be that the attackers used a SQL injection for at least part of the attack. My advice to customers would be to keep a close eye for fraudulent activity on bank accounts and be particularly vigilant of phishing attacks.

“The theme that keeps repeating itself is that every time such a breach occurs, media outlets focus heavily on the stolen credit card numbers, however, in practice, for the average person the theft of personal data is much more critical.”