Hackers send ransom to TalkTalk after cyber attack

Millions of customers could have their bank details stolen after the cyber attack on TalkTalk's website. Picture: PA
Millions of customers could have their bank details stolen after the cyber attack on TalkTalk's website. Picture: PA
  • TalkTalk website subjected to sustained cyber attack on Thursday night
  • Police probing allegation of data theft but no arrests made
  • ‘Too early to say’ how many of firm’s four million UK customers affected
Have your say

A HACKER claiming to be behind the TalkTalk attack which left millions of customers of the telecoms network at risk of their data being stolen has issued a ransom demand to the company’s chief executive.

Dido Harding said she did not know whether the demand, sent to her by e-mail, was genuine.

It is not known how much the person has demanded in return for the data, which was stolen on Wednesday. The telecoms giant is investigating whether credit card and bank details were taken in the attack, the third time this year it has been the victim of a cyber crime.

“It is hard for me to give you very much detail, but yes, we have been contacted by, I don’t know whether it is an individual or a group, purporting to be the hacker,” Ms Harding said.

“All I can say is that I had personally received a contact from someone purporting – as I say I don’t know whether they are or are not – to be the hacker looking for money.”

Ms Harding admitted she did not know whether data belonging to all four million customers was involved in the theft, saying she needed to assume a “worst case scenario” until the full extent of the breach was uncovered. She added: “We think that is the most prudent and sensible way to be, to tell all of our customers that now, so that they can protect themselves rather than wait to do the analysis and give a more precise number and cause more concern to people over the long term.”

TalkTalk website hack: advice for customers

In August the company said its mobile sales site was hit by a “sophisticated and co-ordinated cyber attack” in which personal data was breached by criminals. Meanwhile, in February TalkTalk customers were warned about scammers who managed to steal thousands of account numbers and names from the company’s computers.

Scotland Yard’s cyber crime unit said it has launched an investigation alongside the National Crime Agency (NCA) but no arrests have been made.

One theory for the motive behind the attack had been Islamic extremism, with one self-proclaimed jihadi group putting what it said was personal details of TalkTalk customers on a website. However, the accuracy of the information has not been verified.

Dr David Lanc, chief executive of Edinburgh-based cybersecurity specialist Payfont, said: “The problem faced by TalkTalk is part of a massive problem impacting both individuals and companies concerned with protecting online identity and data privacy.

“Criminals are now cyber-savvy, and can steal data because they prey on known and predictable security methods and weaknesses currently used to protect data.”