TalkTalk cyber-attack - incompetence or an inside job?
Latest TalkTalk data breach possibly the work of an insider, suggests security expert
Another week and another high-profile company has found itself the victim of a cyber attack that has seemingly resulted in hackers making off with the private information of millions of customers.
This time it's TV, broadband and phone service provider TalkTalk that has been the target of a severe cyber attack. The firm confirmed that the credit card and bank details of four million customers could have been compromised.
"There is a chance that some of the following data has been compromised: names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details," TalkTalk managing director Tristia Harrison said.
A TalkTalk spokesperson told Computing that the company "has taken steps to secure the website".
"The current focus is very much on contacting customers to let them know what has happened and working with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed," they added.
They didn't disclose when it was first suspected a data breach might have occurred, but after experiencing unusually high latency on Wednesday "the website was shut down as soon as TalkTalk noticed unusual activity".
However, it isn't the first time TalkTalk has been slow to react to a cyber attack; it took the firm two months to admit that hackers stole customer details following an intrusion that took place in December last year.
The way TalkTalk has handled its latest security blunder has also come under fire, because the company went straight to the media instead of emailing customers directly.
"So annoyed to have found out about the #talktalk breach in the news. At the very least all customers should have been emailed," tweeted one angry customer.
So why has TalkTalk once again failed so spectacularly when it comes to keeping customer details safe? One security expert has suggested that it could be an inside job by a disgruntled employee.
"Typically companies blame cyber criminals in order to quickly take the blame and pressure off of themselves," said Mark Rodbert, CEO of predictive identity analytics company Idax.
"For breaches to happen three times in one year though, I'd be surprised if there wasn't some sort of internal involvement, either unwitting or deliberate. Companies prefer the idea of the evil genius hacker to the trusted employee gone rogue," he continued.
"Either TalkTalk's internal controls are completely inadequate, or someone with undue access to data has gone rogue," Rodbert added.
David Emm, principal security researcher at Kaspersky Lab, suggested that TalkTalk hasn't learned lessons from previous security incidents, despite the repercussions it suffered.
"What is worrying is that this is the third time TalkTalk has been compromised this year, with no apparent changes to their internal policies and security strategies," he said.
Emm argued that the repeated incidents represent a breach of trust, especially if - as some reports suggest - the data wasn't encrypted.
"TalkTalk hasn't yet been able to quantify the scale of the breach, but any loss of data is a matter for serious concern for customers; and I believe that such repeated leakage of data represents a breach of trust.
"It is alarming if any data is not encrypted - as it effectively hands over personal information to the attackers," he said.
Emm also warned TalkTalk customers to be on their guard and be cautious about receiving any emails that seem to be from TalkTalk because they could be hackers looking to take advantage of the situation.
"The hackers behind the attack may already have been able to formulate phishing emails, so consumers must think carefully about whether the emails they receive are legitimate," he said.
"People should also be aware that scammers may also approach people via telephone, claiming to be from TalkTalk and requesting remote access to the computer. Do not give out any of your personal details, or access to your computer, to anyone," Emm concluded.
TalkTalk has said it's already working with the police to investigate the potential data breach and the Information Commissioner's Office is already "making enquiries" into the incident.