UK: Talk Talk hacked

Central Scrutinizer

Staff member

TalkTalk cyber-attack: Boss 'receives ransom email'

The head of TalkTalk says she has had an email demanding a ransom from a group purporting to be behind the cyber-attack suffered by the company.

Chief executive Dido Harding said she did not know whether the ransom email was genuine.

The phone and broadband provider said personal and banking details of up to four million customers may have been accessed in the "significant" attack.

The Met Police said the email was "forming part of its investigations".

"It is hard for me to give you very much detail, but yes, we have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker," Ms Harding told the BBC's business editor Kamal Ahmed.

"All I can say is that I had personally received a contact from someone purporting - as I say I don't know whether they are or are not - to be the hacker looking for money."

The BBC's security correspondent Gordon Corera said government sources had told him they currently viewed the Talk Talk incident as cybercrime, rather than anything relating to national security.

'Worry and concern'
TalkTalk said it was too early to know exactly who had been affected by the attack, which happened on Wednesday.

Former customers of Talk Talk may also be affected by the computer hack, and it was not known whether the information seized by the hackers was encrypted, Ms Harding added.

She said the company was "rushing to communicate with customers" but that it would take 36 to 48 hours to email all of them.

What should you do if you think you're at risk?
  • Report any unusual activity on your accounts to your bank and the UK's national fraud and internet crime reporting centre Action Fraud on 0300 123 2040 or
  • TalkTalk is advising customers to change their account password as soon as its website is back up and running - expected to be later on Friday - and any other accounts for which you use the same password
  • Beware of scams: TalkTalk will not call or email customers asking for bank details or for you to download software to your computer, or send emails asking for you to provide your password
TalkTalk hack: What should I do?

In a statement, the company said that a criminal investigation had been launched on Thursday.

The Metropolitan Police, which is investigating, said no-one had been arrested over Wednesday's attack but inquiries were ongoing.

TalkTalk said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed:
  • Names and addresses
  • Dates of birth
  • Email addresses
  • Telephone numbers
  • TalkTalk account information
  • Credit card and bank details

Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4's Today programme that a Russian Islamist group had posted online saying it carried out the attack.

He said hackers claiming to be a cyber-jihadi group had posted data which appeared to be TalkTalk customers' private information - although he stressed their claim was yet to be verified or investigated