With more than four million customers in the UK, Wednesday's hacking attack against TalkTalk could be one of the most severe instances of personal information theft for a UK company in some time.
While it's not clear what, if any, information has been stolen what we do know is that on Wednesday evening TalkTalk's website became the target of a massive DDoS attack.
What this did was bombard TalkTalk's website with traffic until its servers collapsed. While this normally wouldn't directly result in the loss of any personal information, it's now being suggested that the attack was a diversion, allowing the hackers to get to their actual target.
According to TalkTalk the target was the following information on all four million of its users:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
While the company hasn't confirmed if the data has been stolen, it did admit that 'there is a chance' it could have been.
So what to do next if your a customer with TalkTalk?
Official advice from the company is as follows:
- Keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via www.actionfraud.police.uk
- If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.
- Check your credit report with the three main credit agencies: Call Credit, Experian and Equifax
Security experts have also warned that the fallout from the attack could be just as dangerous. Speaking to the BBC, Manchester University's Daniel Dresner warned that all customers should show an increased vigilance against those who claim to be from TalkTalk.
Dresner explained that in the aftermath of an attack of this kind it's common for hackers to then take advantage of the situation and get even more information from the customers by posing to be from the company.
TalkTalk says to combat this all customers must remember that the company will never ask the following:
- Ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems.
- Call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk, discussed and agreed a call back for this to take place.
- Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security.