You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
Heard on the radio that Talk Talk have been hacked again.
I know this can perhaps happen to any large company these days, but that's at least twice now and I think it's time to look for an alternative - the broadband service is not very good anyway and we frequently get phone calls pushing us to sign up to their TV box which we don't want, so no good reasons to stay with them.
We've already ended up having daily 'Talk Talk customer service' calls from people doing the 'Microsoft style fraud' as a result of the last hack.
What provider are people using for phone & broadband. Any you can recommend? Any you don't recommend!?!
PlusNet always seem to pop up as a good provider to go for.
How about BT? Always seem a bit more expensive, but perhaps you get what you pay for?
I would be interested to hear what happened with this one - how did they get bank account numbers from a website hack ? Somebody isn't doing their security properly.
They were saying on radio 4 this morning the stolen data has already turned up on t'internet.
Been with PlusNet for a llloooonnnnngggggggg time, can't fault them. I've never had any trouble at all, and any time I've heard of someone that has it's actually been a BT element that's let them down
I have used BT for years - they only stuff up they have made was sending me the alert that my broadband was WAY over usage to a BT email account I didn't even know I had, let alone use.
I managed to get the charges refunded with no arguments, as I definitely didn't use the astronomical amount they were trying to charge me for.
I'm with TalkTalk too. They only have my bank details (not credit/debit card) so I'm not sure how they could get money out. The information they have is only what would be on a cheque.
Am I wrong?
That's what I was wondering too.
Little risk in them having your bank details.
Much more risk in them having your password, if you re-use the same password across many sites as some folk tend to do.
It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed:
Names and addresses
Dates of birth
Email addresses
Telephone numbers
TalkTalk account information
Credit card and bank details
Yup exactly what's on a cheque.
Yes, I always put my address and date of birth on a cheque, usually with my mother's maiden name, you know, in case somebody wants to send me a birthday card.
I've been with BT for a few years after moving from sky (I had a really bad service from sky, it was really slow at peak times and very intermittent connection) moved to infinity and obviously it's faster but it's a constant connection and BT have been great to deal with.
My sister is also with BT and I moved in about three months ago, no one told me that it was only a 40gb a month plan so when I ate through 500gb in the first month they recieved a massive bill! My BIL rang up to question it and they refunded without question and upped his plan for free.
All in all I would recommend BT.
the-muffin-man - MemberI'm with TalkTalk too. They only have my bank details (not credit/debit card) so I'm not sure how they could get money out. The information they have is only what would be on a cheque.
Am I wrong?
What they are saying on the website is that the hackers can't access your bank account through this hack (obviously), but the details can be used for identity theft or online fraud - so check your accounts regularly over the next few months for suspicious activity & report anything you see.
The TalkTalk website does mention a year of credit monitoring for all affected customers, with details to follow.
I'm not sure entirely what that means, but it sounds mildly re-assuring from a credit rating point of view.
So, PlusNet & BT looking like likely contenders at the mo....
Cannot see the mention of credit rating...where is that? Heard CEO on radio 5 mention it...off to plusnet I think,
Guys - this is really shit.
And I'll explain why: I work for TalkTalk. And I'm a customer.
This is the first data loss suffered directly by us: the first two were as a result of thefts from two partner organisaitons. Legal activity is ongoing with both of them.
This was a direct criminal attack to steal the personal data of 4m customers. We are often under DDOS attack - all large businesses are - and this initially looked like that. But it quickly became clear that it was more than that, hence us taking our sales sites offline.
Because it's a criminal attack the police are already involved - it's not clear yet where the attack has come from, though a Russian terrorist group is currently claiming responsibility.
We have advice for our customers: if you are or think you're affected then go [url= https://myaccount.talktalk.co.uk/home/dashboard ]HERE[/url] and [url= http://help2.talktalk.co.uk/oct22incident ]HERE[/url] for more information.
If you try to call please note that there are huge queues into the contact centres, so please be patient.
We're also emailing every customer (this will take time to avoid overloading the systems further) and are also writing to those who may not pick up up their emails.
You can also find info via our online community teams on [url= https://twitter.com/TalkTalkCare?ref_src=twsrc^google|twcamp^serp|twgr^author ]Twitter[/url].
As an organisaiton we're really sorry this has happened and are working hard to find out the scale of the attack and the potential impact on our customers.
Like I say, it's really shit.
The TalkTalk website does mention a year of credit monitoring for all affected customers, with details to follow.
I'm not sure entirely what that means, but it sounds mildly re-assuring from a credit rating point of view.
It's so that all customers are able to keep a close eye on their credit file as a methiod of spotting fraudulent activity (e.g, to spot credit searches made against their name that they haven't instigated).
I'll be using it and I shall be speaking to my bank today to get some checks put on transactions.
Ourman......thanks for the posts really helpful....still cannot see how to use it nor mention on the site.....am I missing something?
oumaninthenorth - thanks for the explanation...
We've been a customer for quite a while now (the whole time we've been in our current house - almost 5 years and probably about 2 years before we moved).
While I can see that it must be massively frustrating for you & the rest of the TalkTalk staff (you e-mailed me a while back after I mentioned on here the 'customer service hack' phone calls I was getting) - as an outsider, it does seem to be that TalkTalk are more susceptible than other firms to successful cyber attacks?
It's irrelevant to the customer whether attacks occur to TalkTalk themselves or to 'partner organisations' if the end result appears to be the same.
It's good to see that there are plenty of measures being taken, and I appreciate you posting here & including the links that you have.
vondally - MemberOurman......thanks for the posts really helpful....still cannot see how to use it nor mention on the site.....am I missing something?
The talk talk page I looked at earlier said that details are to follow (on the credit monitoring), so I imagine you'll get an e-mail or a letter in due course to explain more. I suspect that is something that takes a while to organise for 4m people!!
It's irrelevant to the customer whether attacks occur to TalkTalk themselves or to 'partner organisations' if the end result appears to be the same.
Absolutely right. Ultimately it's the people affected - our customers - and they should not have to worry about how or where it's happened.
Ourman......thanks for the posts really helpful....still cannot see how to use it nor mention on the site.....am I missing something?
Once the email comms start filtering through there will be info there on how to utilise the service.
@ stumpy - yes, emailing 4m customers and not causing them any other service issues does take some time!
Stumpy get that and yes understand however as an internet naysayer and doom just feels all my pigeons and fears may have come home to roost....... 🙁
Plus (all credit to ourman) may experience with talk talk has been dire recently we have been with them nearly a decade, so was going to move but did not so more frustration.
So, last time it happened my banks changed my cards.
The credit monitoring has got to happen now. I'm tempted to just get it organised myself.
Are there sufficient grounds to leave talk talk based on this?
My mum left talk talk because they are with out doubt the worst company she has ever dealt with. Cut off her phone and the only number she could phone was the bank. This is an 84 yr old lady who is a bit doddery. Vile scumbag company.
Would talk talk of deleted her details?
Don't worry the Government has your back on this and have a great master plan, which is to ban any company from using strong encryption when storing your data! You couldn't make this shit up if you tried....
http://techcrunch.com/2015/01/13/politics-meet-technology/
Footflaps - have you heard the latest advice re passwords ? Don't bother changing them, that's too hard, just pick a really AWESOME one that you will remember so you can fully engage with the new fantastic and in no way smug and self-justifying Digital world.
My service was switched from TalkTalk to another provider on Wednesday. I'll still be at risk as my details were still on the system, as will anyone else who has left and their details kept.
Will the year's worth of credit monitoring be given to all people whose details have been taken, or just those who are still customers?
It's unlikely I'll get phishing phone calls though as my number was changed in the switch over.
I suggest a free experian 12month subscription for their 4 million customers. ( or sign up to noddle)
I suggest a free experian 12month subscription for their 4 million customers.
That's effectively what will be provided to every customer.
I'll still be at risk as my details were still on the system, as will anyone else who has left and their details kept.
I'll raise this internally to make sure we're covering former customers who may have been affected.
*tangent, avoid noddle if you dislike spam, no such thing as a free lunch.
ex customer, ex-tremely hacked off although i understand the requirments to hold data for set periods.
Names? and addresses?
Dates of birth?
Email addresses
Telephone numbers
TalkTalk account information
Credit card and bank details
I'll still be at risk as my details were still on the system, as will anyone else who has left and their details kept.
The intention is that, where it's still relevant, we will communicate with everyone potentially affected. That's why there are a series of channels of communication, including the heavy media and press efforts we did last night (there are a lot of people who haven't been to bed for the last couple of days on this...).
Thanks for the updates OMITN. I've been through similar crisis situations at another telecom company (not a hack - massive database corruption) and it's not much fun trying to sort it out.
Just listened to someone on R4 explaining that it was a SQL injection attack on the back of a DDOS. I'm far for even an amateur in this field but i thought SQL injection is one of the most basic forms of hacking. Shouldn't their server have been protected from this?
I was with talktalk until April-ish, will they of kept my details?
We've since moved so I doubt talktalk can contact us?
We've just been moved to Fleur by Talk talk, I wonder whether they've had the same problem?
While I wouldn't touch TalkTalk with a barge pole, I have to say OMITN is single-handedly doing more for their customer-relations than any spokesman I've seen on TV! Well done, sir, chapeau! 😀
Ironic isn't it after I raised a complaint about scam calls in July and got this reply:-
Dear * ******,
Further to our recent telephone conversation, I am writing to confirm that we have received your complaint regarding the recent increase in scam calls and emails.
Please rest assured that your sensitive information such as date of birth, bank, or credit card details have not been accessed.
We understand that this may cause you to be concerned but we have taken all appropriate actions to stop this from happening again and would like to reiterate that fraudsters are unable to gain access to either your TalkTalk account or your bank account unless you give them access.
Protecting our customers' data is our top priority and we take this issue extremely seriously. We ask that you take extra care when anyone phones or emails you claiming to be from TalkTalk, or indeed any other organisation, asking for personal details.
We hope you will accept our sincere apologies for any distress this has caused and confirm that this is our full and final position regarding your complaint.
As a business we work in this type of environment including PCI DSS (PAYMENT CARD INDUSTY DATA SECURITY STANDARD) "if" Talk Talk are compliant with PCI DSS and executing vulnerability scans ASV scans and Pen testing as well as managing file integrity and log managment then it would be difficult to hack anything unless someone has been very stupid - the question that customers should be asking is "if you are compliant with PCI how did this happen" - there are a lot of "compliant" organisations, well they did fill in an SAQ (self assessment questionnaire) stating they are compliant
Some reports that's it's a Islamic Cyber Jihadi attack emanating from the Soviet Union. Seem to be related to the website publishing supposed customer details
Not really important who did what, the problem is few businesses take data protection seriously and the ones that do are usually made to do it via financial penalty (ICO PCI DSS etc ) the combination of name address date of birth bank details card details is identity theft heaven and despite what the credit reference agencies say it will take at least six years before you recover from it
There is no system which can't be hacked by a determined and skilled individual.
That is partially true but they need exploits and open doors and "internal" mismanagement
i hear TalkTalk IT operations are a bit of a nightmare to work for, I've been approached a couple of times about roles but they have a bit of a bad rep.
"Hey we run a can attitude fast paced environment"
aka
"The guys are over worked/under funded and constantly forced to release shit that clearly isnt production ready"
As long as guys responsible for driving things into the ground get a decent bonus and are able to move on a gut another company its okay I suppose, its the suckers left holding the can that have to clean up the shitstorm.
Some reports that's it's a Islamic Cyber Jihadi attack emanating from the Soviet Union. Seem to be related to the website publishing supposed customer details
Blimey - an attack across time and space!
2 weeks ago lost all internet, numerous calls to a o847 number and pressing numours keys on the instructions of a recorded voice or saying what i wanted got through to people who cant understand english and apologise and say they will help sadly their idea of help is not any related idea of help i could understand, like throwing a heavy weight to a drowning man.
Eventually they agreed to send out a new router, and all worked well but still getting calls asking if i want to close my complaint which i dont till i get some sence out them, and now the hack, they dont know, yet 2 weks ago they said there was a major outage of their system and it would last 48 hours, next day they denied it.
They are also refusing people to break their contracts according to their website as their share plunge, they dont answer the phones,and a chap on a bike forum tells us more than their boss tells us customers.
IANAL but.....surely they've already broke the contract by failing to follow quite clear database protection policies.
SQL injection vulnerability & sensitive data stored in plain text in 2015? It defies understanding!
Not much more I can publicly update on (I'm not an operational or tech person and of course there's a criminal investigation happening right now) but suffice to say there is a huge amount of work going on assessing the detailed extent of the attack and what data was actually accessed.
For those who are former customers that assessment will also relate to any retained data that may have been included. If you are a victim of the attack the plan is to contact you as well as current customers.
Our comms teams are working 24/7 over the weekend to keep our customers updated.
I was working out of one of our North West offices yesterday and today. To say the mood is sombre amongst every member of staff there (a few hundred people) - even those who aren't directly engaged - is an understatement. I've been to happier funerals.
We're the first to admit TalkTalk is an imperfect company but doing the right thing for customers is at the heart of everything we try to do. That's what's so heartbreaking about this.
all ISP are a bunch of money grabbing bastards. they do not do it for fun.
Talk Talk are an 'added value' reseller. Best avoided anyway, despite the hacking.
If this fotum allowed swearing then I would wonder what the bloody hell are you still doing with talkshinetalk.
Remember tiscali was it who they took over from they werent much cop neither.
Honestly do the right thing and go to BT.
What the hell were you thinking as sure youve done similar threads bout talktalk net connection issues int past.
must doff my cap at OMITN.
not sure what you do for them fella but you are personally smelling of win.
the company still sucks btw 🙂
Bet all those details are already for sale on a Russian darknet fraud site.
In Russia the government/security services turn a blind eye to even large-scale fraud & hacking as long as it's directed at foreign organisations.
Meanwhile the IoD shows it doesn't "get" internet or system security
Meanwhile, business leaders called for urgent action to tackle cyber-crime. The Institute of Directors said only "serious breaches" made the headlines, but attacks on British businesses "happen constantly". [url= http://www.bbc.co.uk/news/uk-34622754 ]Sauce[/url]
Take responsibility for your own systems and spend the necessary cash to secure them. It isn't "somebody else's problem' it's yours. Reduce the opportunity for someone to break in and let the less secure take the risk.
Well I've not had a single email from TalkTalk yet.
And I tried calling their, not UK based, help line to see if they held my debit card details on file* and 'Julie' on the other end couldn't even understand the difference between Direct Debit details and Debit Card details. Shocking service, and another customer lost.
(*I know they have DD details, I'm 99% sure my debit card isn't associated with the account but can't check).
Honestly do the right thing and go to BT
It doesn't take much looking to find people cussing and blinding over BT too. Just like energy suppliers, it's almost entirely the luck of the draw whether you have a faultless or terrible experience.
Until last weekend (!) we had been with TalkTalk for years with no problems whatsoever despite moving house repeatedly. We only changed because they added telly service which we didn't want "for free", then put the price up...
Well I've not had a single email from TalkTalk yet.
I got mine - it was sent yesterday. But Talktalk/AOL email classified it as spam, so I didn't actually find it in the spam email folder until today 🙄 .
Anyone who hasn't had the email this may help.
[url= http://newsthump.com/2015/10/23/talktalk-customers-to-learn-about-hack-next-time-they-manage-to-get-on-internet/ ]Details here. [/url]
[url= http://www.bbc.co.uk/news/uk-34643783 ]http://www.bbc.co.uk/news/uk-34643783[/url]
'Boy, 15, arrested in Northern Ireland over TalkTalk hack'
We're the first to admit TalkTalk is an imperfect company but doing the right thing for customers is at the heart of everything we try to do.
Really? Not in my experience, the Indian call centre has to be THE WORST call centre I have ever had the displeasure of speaking to. TalkTalk mistakenly had two accounts running for me when there should have been only one. I called and spoke to the Indian call centre several times over a period of three or four months, every time I was told they would cancel the surplus account, every time this wasn't done. This was particularly annoying as TalkTalks accounts section threatened me with a debt recovery agency if I didn't pay up for this service I never ordered. It was only when we eventually got through to the loyalty department in the UK it finally got sorted (but it took them two separate attempts).
An absolute shambles top to bottom, the wifi speed isn't particularly quick or reliable.
Now we see that the hacker could well have been a 15 year old boy! Well done TalkTalk, it seems you have nothing but contempt for your customers from your incompitent call centres through to your inadiquate care of our bank details.
Well done, as soon as I can I'm out!
OMITN has done more for TT's reputation than the top boss interviewed on R4 recently.
With regard to Talk Talk taking a hard line with customers who wish to cancel their service with them, surely the consumer rights act covers their desire to cancel if they are dissatisfied?
http://www.which.co.uk/consumer-rights/regulation/consumer-rights-act
Anyone care to argue that Talk Talk have provided their service with reasonable care and attention? Or that their exit fees don't represent unfair contract terms?
ourmaninthenorth...
Any idea when TalkTalk are going to get their MyAccount back on line? I can't muster up the energy or willpower to spend any time on the phone with them!
Ta!
Meanwhile the IoD shows it doesn't "get" internet or system security
More worryingly, TM's new legislation may end up outlawing string encryption in the UK, which will be a huge benefit to organised crime wishing to hack systems but do nothing to stop criminals using strong encryption (which you can download for free from international sites and use illegally in the UK)....
Completely insane, but that's the Tories for you.....
http://www.bbc.co.uk/news/uk-34643783'Boy, 15, arrested in Northern Ireland over TalkTalk hack'
"The good news is that we haven't been hacked by Russian cyber jihadistsTM..."
ourmaninthenorth...Any idea when TalkTalk are going to get their MyAccount back on line? I can't muster up the energy or willpower to spend any time on the phone with them!
Ta!
Hi - sorry, only just seen this. We got it back up yesterday - a significant number of people worked around three days without sleep to get it back up. We're working on getting all the funcitonality back as soon as possible, but doing all the penetration (etc.) testing we need to do across every component to make sure its's secure does take time.
Apologies for going quiet on this thread - I took the view that I shouldn't have been another channel of communication when our comms teams were in charge of that. Also, given that I am privy to (share) price sensitive information I didn't fancy going to prison for Market Abuse..!
Cheers ourmaninthenorth - sounds like you are doing some good work and need a crate of Red Bull to keep you going! You should have the most secure system of them all after this.
Still can't see MyAccount login though, just see a holding page asking people to call or live-chat.
...and as you are privy to inside info, would you know if I customers can wangle a free fibre upgrade! 😀
The good news is that we haven't been hacked by Russian cyber jihadistsTM
But jambalaya is normally right about everything - especially when it comes to blaming Muslims for things. Weird.