TalkTalk's infamous cyber attack may have only affected 4% of customers, but the firm is still reeling from the reputational fallout – not to mention the costly £35m headache it estimates the attack will end up leeching away from the company as it mops up lost revenues and splashes out on extra IT and customer service in the aftermath.
Despite the hack, TalkTalk said it was still on track to meet market expectations and delivered a healthy set of results in November. If anyone knows the hard-hitting effects a good old cyber attack can have it’s chief executive Dido Harding – who so far, looks to have weathered the initial storm amid difficult circumstances. So, she may well be offering to buy the bosses of JD Wetherspoon a stiff one in light of the news that the pub chain has launched an investigation into its own cyber attack.
MT would say don’t worry, but the scale of the hack is actually pretty sizeable – reaching about four times the number of customers that the TalkTalk hack did. A database containing the details of more than 650,000 'Spoons customers was breached back in June (relating to an old website which has since been entirely replaced).
On the relative bright side, the pub chain said the database mostly contained names, dates of birth, email addresses and phone numbers. You might be wondering how a pub chain builds up such an extensive bank of customer details – any unsuspecting punter who wanted to use the company's WiFi and duly tapped in their personal information could be among those at risk.
Spoons admitted that a ‘tiny number of customers’ have had some of their credit or debit card information stolen. It’s thought that only 100 customers did have financial information compromised and that hackers should have only been able to obtain the last four digits of card numbers in those cases.
In a statement, the firm said, ‘These credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database.’
The FT did report that personal details had been put up for sale by hackers on the so-called dark web and customers have been warned to stay vigilant for any unexpected emails which specifically ask for personal or financial information, and shouldn’t click on links or download files from any suspicious messages.
According to founder and chairman Tim Martin, an anonymous email was sent to chief executive John Hutson, drawing his attention to the attack on November 6. But it had been caught in the company’s spam filter, so Spoons was actually in the dark until the FT contacted it on Monday. Which might be a bit of a concern for customers. And for investors too - shares in the group opened down 1.3% on Friday.
The company, which operates 900 pubs across the UK and employs 33,000 staff, said the details were taken from customers who signed up to use WiFi in Wetherspoon pubs and entered their personal details into the company system. Some who bought Spoons gift vouchers online and 15,000 staff also had their information stolen.
‘We apologise wholeheartedly to customers and staff who have been affected,' Hutson said. 'Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.’
But as the number of high-profile cases of cyber attacks keeps piling up, customers are likely to become fed up of the threadbare apologies. Granted, as more services and by extension data moves online, the risk will increase. But with Vodafone, Morgan Stanley and TalkTalk just several of the big firms which have had breaches in recent months, questions about whether such companies can be trusted with sensitive information will continue to escalate. And one of the last thing businesses need is trust levels to plummet further. That begs the question whether firms really are prioritising cyber security enough.