TalkTalk plays down initial cyber attack fears


CEO Dido Harding says investigation shows data stolen is “smaller than originally feared” and no credit card details or passwords were taken

TalkTalk CEO Dido Harding has again apologised to its four million customers following last weeks cyber-attack to its website, but says the amount of data potentially stolen is now “smaller” than first feared.

The fixed line and mobile provider confirmed last week its website had received a “sustained and significant” attack by cyber criminals, with customer names, addresses, date of births, phone numbers, email addresses, and bank and credit card information feared to have been compromised.

However, addressing customers over the weekend via a recorded video message, Harding says the investigation now shows the “worst case scenario” fears have not been realised. She revealed the firms core back office system was unaffected, with hackers only accessing information through its “shop front” website.

Screen shot 2015-10-26 at 09.29.59
Harding addresses TalkTalk customers. Click here for full recording

Bank details encrypted 

All credit card information through the website is encrypted, she said, with the six-middle digits of the card numbers blocked out, making the information worthless to criminals. She also confirmed customer passwords for its My Account service, which includes payment information, were not accessed during the attack.

TalkTalk now expects the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account

“As soon as we had enough information to warn our customers we came out publicly to tell the what had happened and to give the the best advice o how to protect themselves,” said Harding. “I understand what a worrying and frustrating time time this has been for our customers and once again want to say how sorry we are.

“Right from the start we have done everything we can to get to the bottom of what happened and to keep our customers updated all the way. That is why we came out publicly to warn our customers what the worst case scenario might be. The investigation is still ongoing but the findings so far show that the number of customers affected and the amount of data potentially stolen is smaller than we originally feared. No banking details were taken that you wouldn’t already be sharing when you write a cheque or give to someone so they can pay money in to your account.

“We hope this news will provide some assurance to our customers as we continue to work through the rest of the investigation.”

Remain vigilant

Whilst initial fears have been played down, TalkTalk is still encouraging customers to remain extra vigilant, requesting the change all their existing TalkTalk passwords and to closely monitor their bank accounts.

Harding confirmed TalkTalk has teamed up with online credit monitoring service provider Noddle which will provide a years free access to customers to manually monitor all activity on their bank accounts. Customers can access Noddle service for free by entering the code TT231.

Harding also reiterated to customers that TalkTalk does not and will not ever contact its customers by phone requesting them to provide any personal information or passwords.

“Report anything suspicious,” said Harding. “Keep an eye on eye on your bank account and report anything unusual to your bank as soon as possible. Please take all steps to check the true identity of any organisation that calls you and asks you to provide personal information.

“There were 625,000 cyber crimes committed in the UK every month over the summer. Sadly the digital world is just as full of criminals as the physcial one. Please be vigilant.”

TalkTalk advice breakdown

  • Sign up to your free credit reporting service using this code: TT231. We have partnered with Noddle, one of the leading credit reference agencies, to offer 12 months of credit monitoring alerts for all TalkTalk customers.
  • Change your passwords – While TalkTalk My Account passwords have not been accessed, it would be prudent to change your TalkTalk password once this service is back up and running, and any other accounts that use the same password.  We will update as soon as services are restored
  • Report anything suspicious – Keep an eye on your bank account and report anything unusual to your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and can be reached on 0300 123 2040 or via
  • Stay vigilant – TalkTalk will NEVER call customers and ask you to provide personal details or passwords. Please take all steps to check the true identity of any organisation that calls requesting for personal information. You can call us on 0800 083 2710 or 0141 230 0707.