TalkTalk is one of the largest providers of telephony, broadband and pay-TV services in the UK, serving consumers and businesses all over the country. However, the company has revealed that "a significant and sustained cyberattack" took place on its website yesterday - and it acknowledges that personal information and customer banking details "may have been accessed".
TalkTalk says that London's Metropolitan Police Cyber Crime Unit has launched a criminal investigation into the attack, and they are working together "to establish exactly what happened and the extent of any information accessed". However, the company concedes that the following details may have been compromised in the security breach:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
TalkTalk says that it is contacting its customers directly to let them know of the incident, adding that it has "taken all necessary measures to secure our website following the attack". It has also contacted major UK banks, which it says "will be monitoring for any suspicious activity" on its customers' accounts.
The company also advises that customers closely monitor their accounts to look out for any unexpected transactions.
UPDATE - 12:30pm, Oct 23, 2015: TalkTalk CEO Dido Harding has told BBC News that she has received an email demanding a ransom, from a group claiming to be responsible for the attack: "All I can say is that I had personally received a contact from someone purporting - as I say I don't know whether they are or are not - to be the hacker looking for money."
Meanwhile, details are emerging of how TalkTalk stored its customer data - and so far, it's not a pretty story:
...and there are also indications of how the attack was carried out: