TalkTalk shares rebound after 15-year-old boy arrested over cyber attack

The telecoms company has big questions to answer over how its website was hacked.

by Rachel Savage
Last Updated: 30 Oct 2015

Dido Harding may wish TalkTalk had been hacked by Russian Islamists after all. A 15-year-old boy has been arrested in Northern Ireland in connection with the cyber attack that has seen the telecoms company’s shares and reputation take a beating since it came to light last week.

The boy was arrested yesterday on suspicion of offences under the Computer Misuse Act and a house in County Antrim is being searched. Clearly, there’s no confirmation yet the police have got their guy, but investors were nonetheless relieved: the company’s shares have risen more than 9% this morning to around 245.6p, having dropped almost 13% yesterday.

Relief aside, the possibility that its website was compromised by a teenager is pretty embarrassing for TalkTalk (although if he is responsible, he’ll probably still have companies and government agencies queueing up for his services - even if he did nick the idea of Russian Islamist cyber-terrorists straight out of a Jack Bauer plotline). It's even more cringeworthy given that the attack was reportedly a relatively run-of-the mill SQL injection (malicious code that tricks a system into allowing its data to be downloaded) - which Harding mistakenly called a 'sequential attack'.

‘This is an attack vector that has been known for more than a decade and it is still found in web applications around the globe,’ Wim Remes, a manager at cyber security firm Rapid7, told tech site The Register. ‘While it is possible for the error that enables such an attack to slip through a well-established application security program, they are fairly easy to prevent with the proper safeguards in place.’

TalkTalk have done their best to be open about the hack, but potentially being compromised by a teenager and not even getting your terminology right suggests a pretty low level of concern for cyber security, which, as this latest indicdent shows, has increasingly proven to be critical for businesses.

On the other hand, the attack wasn’t as bad as previously thought, TalkTalk has said. Any credit details leaked were ‘partial’ (i.e. with some numbers replaced by Xs) and bank details by themselves won’t be enough to steal customers’ money, chief executive Harding, pictured above, told Sky News at the weekend.

Nonetheless, if all the data has found its way onto the internet, customers will be at risk of being tricked by spam callers pretending to be from TalkTalk into giving up the rest of their details. Harding also raised eyebrows on Sunday when she claimed companies weren’t legally obliged to encrypt customers’ sensitive data.

The telco risks looking even more uncaring, as it continues to insist that exit penalties for customers that want to leave their contract early will only be waived ‘in the unlikely event’ that their money is stolen as a result of this hack. It clearly doesn’t want a mass exodus, but if people end up getting ‘phished’ by spammers they’re unlikely to remain loyal to TalkTalk anyway.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

The ignominious death of Gordon Gekko

Profit at all costs is a defunct philosophy, and purpose a corporate superpower, argues this...

Gender bias is kept alive by those who think it is dead

Research: Greater representation of women does not automatically lead to equal treatment.

What I learned leading a Syrian bank through a civil war

Louai Al Roumani was CFO of Syria's largest private retail bank when the conflict broke...

Martin Sorrell: “There’s something about the unfairness of it that drives me”

EXCLUSIVE: The agency juggernaut on bouncing back, what he would do with WPP and why...

The 10 values that will matter most after COVID-19

According to a survey of Management Today readers.

Why efficiency is holding you back

There is a trade-off between performance and reliability, but it doesn’t have to be zero-sum....