TalkTalk didn't use basic security that could have protected its 4 million customers' details
Encryption is a method of scrambling data so that it can only be understood by someone with the correct key or password, and is considered standard practice in safeguarding sensitive data.
But in an FAQ posted online after the hack, TalkTalk says that "not all of our data was encrypted."
Dido Harding, CEO of TalkTalk, told the BBC that she "can't confirm" that customer data was encrypted.
'I can't confirm that the data has been encrypted' - Dido Harding, chief executive of #TalkTalk on cyber attack.
- BBC Radio 4 Today (@BBCr4today) October 23, 2015
As Tom Cheshire, technology correspondent for Sky News, puts it:
Even if you hadn't been hacked twice in recent months, to keep 4m customers' data unencrypted is appalling #TalkTalk
- Tom Cheshire (@chesh) October 23, 2015
Someone claiming to be the hacker has posted what appears to be a small dump of TalkTalk customer data online. It's difficult to verify it conclusively, but BuzzFeed has spoken to one individual included in the dump who has confirmed he was a TalkTalk customer.
This data dump shows the customer's name, address, telephone number and redacted (by the hacker) bank account details - suggesting that, if legitimate, even banking details may not have been encrypted properly. This would be a huge security screw-up, and put all 4 million customers at risk of fraud.
Even if bank account details were encrypted, the fact that other data wasn't puts users at increased risk of scams and criminal activity.
The Metropolitan police is now investigating, and Harding says the company is "very sorry" for the hack.