TalkTalk has confirmed that it has suffered a "significant and sustained cyber-attack." TalkTalk has which has over 4 million customers in the UK.
While details are limited, TalkTalk has said that the hackers may have accessed its customer database - including names, addresses, date of birth, email address, telephone numbers, TalkTalk account information, credit card and/or bank details:
http://help2.talktalk.co.uk/oct22incident
Jon French, security analyst of AppRiver has offered the following advice to customers that may have been affected: "The two major things customers need to do is keep an eye on their banking information to look for fraudulent transactions, as well as be vigilant with communications. By communications, I mean they should be suspicious of any unexpected emails or phone calls that may be asking them for additional information. If someone calling or emailing you already has information like name, address, email address, or other account information, that doesn’t mean they can automatically be trusted. They may cite that data to get someone to trust them to hand over more information like a credit card or password."
Benjamin Harris, Managing Security Consultant of MWR InfoSecurity adds additional advice to customers, but also to organisations generally that may be targets to this type of cyber attack: “As always when there is a concern that payment data may have been breached, consumers should pay attention to transactions made on their debit and credit cards and report any suspected fraudulent transactions to their card issuer. Being proactive will help to limit any damage caused by exposure of credit card information, however if consumers are heavily concerned about the confidentiality of their debit or credit card, it is recommended that they contact their card issuer to provision replacement cards, thus invalidating the previous credit or debit card used.
"It appears that TalkTalk have been proactive in this instance, and have done the correct things by issuing a public statement and involving the relevant authorities, allowing the attack to be investigated and thus limit any further damage.
"Incident response is a necessity for most organisations. In this case, it is important that organisations are both proactive and honest about any security breaches, and that they enlist the correct help from the outset. Identifying the attack mechanism is an important step in mitigating the risk, and pre-emptive actions (such as immediately destroying an infected machine) could lose vital evidence that would be useful in identifying the actual impact.
"Organisations should also regularly test their incident response plans. For example, logging and monitoring systems may not be regularly inspected. Realising that a log collation server has not been working for months and has not recorded information relating to a breach can be very frustrating, and these issues can be avoided with regular inspection.