TalkTalk claims that hack will only cost £35m
October hack to cost TalkTalk a trifling sum as it offers free upgrades to customers in a bid to keep them
TalkTalk, the internet service provider whose customer database was compromised by a group of what appears to be "script kiddies" in a SQL injection attack at the end of October, claims that the hack will only cost it around £35m - far less than earlier estimates had suggested.
CEO executive Dido Harding said that despite the hack, TalkTalk was "well positioned to deliver strong and sustainable long-term growth". Despite the costs, Harding has said that she will raise the dividend that the company will pay to shareholders this year - a move intended to arrest the slide in the company's share price since the attack.
"The estimated one-off costs are between £30m and £35m - that's covering the response to the incident, the incremental calls into our call centres, the additional IT and technology costs and, then, the fact that over the last three weeks until yesterday our online sales sites have been down, so there will be lost revenue as a result," Harding told the BBC this morning.
However, TalkTalk continues to take a hard line with customers who wish to leave the company after the third successful attack within a year. She said that only customers who had been "financially affected" as a result of the TalkTalk hack would be allowed to leave without the company demanding that they pay a financial penalty.
Ofcom, the company's regulator, refuses to get involved, either way, on behalf of customers.
Harding told the BBC that it was "too early to tell" what the longer-term impact of the breach would be on the business. She added: "We, of course, saw an immediate spike in customers cancelling their direct debit. But actually after a few days we saw many of those customers reinstating their direct debits again."
However, Harding indicated that the company would, instead, offer "free upgrades" for customers in a bid to maintain their loyalty.
The company's website and email was attacked in a distributed denial of service attack (DDOS) on Wednesday 21 October while, at the same time, its customer database was subjected to a SQL injection attack.
TalkTalk initially denied that it was the subject of an attack, until it went public the next evening - just in time to put its story on the 10 o'clock news and the first editions of the morning newspapers. Harding, meanwhile, has been widely criticised the company's response to the attack, and its seeming lack of preparedness for what was ultimately a straightforward attack.
It was thought that the personal details of more than one million customers had been compromised in the attack, but TalkTalk later downgraded its estimates to 157,000. More than 15,600 bank account numbers and sort codes were also accessed. However, a series of arrests across the country - four in total - were made within days of the attack.