TalkTalk is the latest company to suffer a data hack and it’s a bad one. Its website was hit by a ‘significant and sustained cyber attack’ on Wednesday and the personal, bank and credit card details of its 4 million customers could all have been compromised.
The FTSE 250 telecoms company said in a statement that the Metropolitan Police were investigating the breach and that it was contacting all its customers. But that contact doesn’t seem to have got through yet, with many users taking to Twitter to say they had received nothing. Plenty were also furious the first they’d heard about it was from the media.
A group claiming to be Russian Islamists posted a sample of the leaked data online and a Buzzfeed reporter was able to contact a customer, indicating the hackers do have real information (who they actually are is another question altogether).
Completely unverifiable but here's the statement from the Russian group claiming to be behind the TalkTalk hack pic.twitter.com/kfbc4lZjns— Rory Cellan-Jones (@ruskin147) October 23, 2015
Meanwhile, TalkTalk’s shares fell as much as 12% this morning, before recovering somewhat to 251.5p in mid-morning trading, a fall of around 6.3%. Investors as much as anyone will know that this will be costly, both in terms of clearing up the mess and for its reputation.
TalkTalk probably did the right thing in releasing a statement as soon as it had put the police on the case – Dixons Carphone was pilloried in August for announcing on a weekend that it had discovered a breach a few days earlier (which, incidentally, also affected TalkTalk, as it uses Dixons Carphone web services).
But given that it doesn’t yet know how many of its customers are affected and exactly what data has been stolen - and hasn’t even contacted many if not all of its customers - it looks streets behind the cyber criminals.
Chief executive Dido Harding was clearly very aware of that fact, when she did the media rounds to issue the necessary apology.
‘I'm very sorry for all the frustration, worry and concern this will inevitably be causing all of our customers," Harding told BBC News. ‘We have been working through the night to make sure that we contact all of our customers and can reassure them about how they can keep their data safe.’
If TalkTalk doesn’t get on with living up to its name and actually talk to its irate customers, it risks losing a significant proportion of them as well as many potential new ones. As Simon Mullis, the global technical lead at cyber security software firm FireEye put it, ‘Security is no longer an IT problem, it's a business issue.’