TalkTalk breach: Attackers demand £80,000 for stolen data

UK telecom TalkTalk revealed on Friday that its website had suffered an attack, that the site had been taken down as a precaution, and that the names, addresses, dates of birth, email addresses, telephone numbers, TalkTalk account information, credit card details and/or bank details of its UK customers might have been stolen.

The Metropolitan Police’s Cyber Crime Unit was called in to investigate, and the company is continuing its own internal investigation. So far, they have established that the attack was directed only against the company’s website and not its core systems, and that TalkTalk My Account passwords have not been accessed.

“We can confirm that we do not store complete credit card details on the website; any credit card details that may have been accessed had a series of numbers hidden and therefore are not usable for financial transactions, e.g. 0123 45xx xxxx 6789,” they shared in a statement published on Sunday.

“We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account.”

“There is a risk, however, that criminals may seek to use some accessed data for identity fraud,” they noted, and advised: “If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organization.”

Affected customers, who have been notified either via email or letter, are also advised to change their account passwords despite the fact that they haven’t been compromised, and to do the same on any other accounts for which they used the same password.

According to the BBC, TalkTalk CEO Dido Harding confirmed that she received an email demanding a ransom for the stolen information, but that she can’t know for sure whether the email is genuine.

Cyber security consultant Adrian Culley says that a Russian Islamist group announced online that they were responsible for the hack but, again, it’s still unknown whether that claim is true.

According to Brian Krebs’ sources, the email received by Harding contained a request for £80,000 (around $122,000) in exchange for not publishing or selling the stolen data.

“A source close to the investigation who spoke on condition of anonymity told KrebsOnSecurity that the hacker group who demanded the £80,000 ransom provided TalkTalk with copies of the tables from its user database as evidence of the breach. The database in question, the source said, appears related to at least 400,000 people who have recently undergone credit checks for new service with the company,” says Krebs, who also says that a seller on a Deep Web black market has announced he will be offering data stolen from TalkTalk for sale.

Finally, the same source told him that the attackers used SQL injection to extract the data, and simultaneously ran a DoS attack against the company’s website to mask the theft.
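To make the reported attack vector concrete, here is an added example that is not TalkTalk's code and is not drawn from the investigation: a customer-lookup query built by string concatenation beside the parameterised form that defeats the same input. The table schema, the three sample rows and the card-masking format (first six and last four digits, as in the company's statement) are constructed for the demonstration; the tautology payload turns a single-record lookup into a dump of every row, which is the class of failure that lets one query expose a whole customer database.

```python
"""
Added example, not code from TalkTalk or from the page: a vulnerable
customer lookup beside its hardened form, run against an in-memory
SQLite table of constructed sample rows.
"""
import sqlite3

# Constructed sample data: a stand-in for the kind of customer table
# reported as exposed. Card numbers are held masked, keeping only the
# first six and last four digits, matching the format in the statement.
SAMPLE_ROWS = [
    ("alice@example.com", "Alice Example", "0123 45xx xxxx 6789"),
    ("bob@example.com", "Bob Example", "9876 54xx xxxx 3210"),
    ("carol@example.com", "Carol Example", "1111 22xx xxxx 3333"),
]


def make_db() -> sqlite3.Connection:
    """Build the assumed customers table in memory and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (email TEXT, name TEXT, card_masked TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Vulnerable: user input is spliced into the SQL text, so the
    database parses whatever the caller supplied as part of the query."""
    sql = (
        "SELECT email, name, card_masked FROM customers WHERE email = '%s'"
        % email
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """Hardened: the value travels as a bound parameter and is compared
    as data; it is never parsed as SQL, so the payload matches nothing."""
    sql = "SELECT email, name, card_masked FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Tautology payload: closes the string literal, appends an always-true
# clause, and lets the query's own closing quote complete the injected
# literal, giving: WHERE email = 'x' OR '1'='1'
PAYLOAD = "x' OR '1'='1"


def demo() -> tuple:
    """Return (rows leaked by the vulnerable query, rows returned by the
    safe query) for the same payload against the same table."""
    conn = make_db()
    leaked = lookup_vulnerable(conn, PAYLOAD)
    safe = lookup_safe(conn, PAYLOAD)
    return len(leaked), len(safe)


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned %d rows, safe query returned %d" % (leaked, safe))
```

The vulnerable function returns all three rows for the payload; the parameterised one returns none, and still returns exactly one row for a genuine address. Parameter binding, not input filtering, is the fix: the same payload is harmless whether or not it is quoted, escaped or length-limited, because it is never interpreted as query text.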

“The majority of companies are still flying blind when it comes to data security, because 60 percent still think that it doesn’t affect them. The truth is, it’s no longer just a conversation for banks and governments, recent hacks and data breaches show that anyone and everyone is a potential victim,” Phil Barnet, VP of Global Sales at Good Technology, said of the breach.

“Data is a company’s biggest asset, but despite stories of data breaches constantly hitting the headlines, many companies still haven’t got to grips with how to protect their most valuable asset in this new world order of mobile devices and cloud-based access. This security challenge isn’t going anywhere and companies really need to address a new Monday’s in order to solve it.”
