Talk Talk, a telecom service company, has received a ransom demand after a huge cyber-attack on its data servers.
Mobile phone, broadband internet and pay television services provider Talk Talk, which operates in the United Kingdom, confirmed it was victim to a “significant and sustained” cyber-attack, adding they were contacted with a ransom demand.
“We can confirm we were contacted by someone claiming to be responsible and seeking payment,” said a spokesperson for the company.
The attack is feared to have resulted in the release of Talk Talk’s customers’ confidential and financially-sensitive information. Chief executive Dido Harding acknowledged that her company was recently attacked by cyber criminals.
“Yes, we have been contacted by – I don’t know whether it’s an individual or a group purporting to be the hacker. I personally received a contact from someone purporting – as I say, I don’t know whether they are or are not – to be the hacker, looking for money.”
But what’s even more concerning is that the company did not know how much data was stolen in the attack on Talk Talk’s website. Harding further stated that she did not know whether the demand was genuine, or whether information on the company’s 4 million customers had been encrypted. Asked if the company was doing enough to protect its customers’ sensitive information and that the company is taking steps to prevent reoccurrence, Harding answered matter-of-factly.
“You’ve got to say that we weren’t and obviously we will be looking back and reviewing that extremely seriously. None of us live in a perfect world where security is perfect. I cannot tell [customers] that the world is perfectly safe.”
The company confirmed it was considering the worst-case scenario in which “all of our customers’ personal and financial information has been accessed,” reported MSN.
At stake is financial and personal data of about 4 million Talk Talk customers. Investigators are still trying to ascertain if the customers’ bank details are part of the information that was stolen. Incidentally, a message was posted on Pastebin, a site which allows messages to be posted in plain text, that the hack was the handiwork of a Russian-based team of Islamic extremists, reported Canada Journal. However, investigators aren’t convinced about the claim and neither do they suspect the ransom demand might be sent by those allegedly claiming responsibility for the hack.
London’s Metropolitan Police is heading the investigation and is expected to verify the ransom note. Talk Talk is also facing flak for not revealing its database was attacked. Apparently, the company may be guilty of withholding the information for a day. The company only acknowledged the attack on Wednesday, but reports indicate it may have been aware it was under attack for about 24 hours.
What do the hackers want? The hackers may have, in their possession, information that is very sensitive. Cyber criminals often target large databases to siphon financial and personal information of thousands of individuals. This information is quite profitable in the digital black market. Using information like credit card and bank information, and personal information like birth dates, addresses and such, can help cyber criminals pilfer funds from the victims’ accounts.
Incidentally, Talk Talk hasn’t shared the contents of the ransom note and hence it is not clear exactly what the hackers have demanded. However, the cyber criminals seem to have mentioned money in exchange. This might indicate they are willing to delete the information in their possession if the telecom company forks out the cash.
This is the third cyber-attack on Talk Talk within the last 12 months. But it is the first time it has received a ransom demand. Its customers are strongly contemplating abandoning the services.
[Photo by View Pictures/UIG via Getty Images]