TalkTalk Hack – how it could have happened…

How ironic is it that during ‘Get Safe Online Week’ (19-24 October) millions of innocent people may once again have become unwitting victims of identity theft?

In the last few days phone and broadband supplier TalkTalk has revealed that its website has been subject to a “significant and sustained cyber-attack”. It has yet to reveal just how many of its four million plus customers have been affected and exactly what personal data may have been stolen.

What probably seems most shocking is that this is not the first, but in fact the third security breach that TalkTalk has encountered this year alone. Only in August the company disclosed that its mobile sales site had been targeted and personal data breached. And in February TalkTalk customers were alerted to a cyber-scam whereby criminals had managed to steal thousands of account numbers and names.

So the obvious question is – why is this happening with such alarming frequency to major UK companies?

Industries like telecoms are fast-moving, and recent years have seen a trend towards acquisitions and mergers. Such consolidation should bring economies of scale and overall customer benefits. Sadly that’s not always the case where customer data protection is concerned.

When one company acquires another, it acquires not only that company’s stock but also its security systems, which may not always be as foolproof as its own.

Whilst we’ve not been able to analyse TalkTalk’s systems ourselves, the company fits this profile and it’s an area that should be investigated for the sake of customer security.

In my view it’s time for UK companies to wake up to the dangers posed by legacy security systems, and make protecting customer data a top priority.