Talk Talk

[ADB]

Anyone else with Talk Talk - i'm fuming!!!

Although the full extent of the cyber attack is unknown, how can this be allowed to happen???

 

[Tashyboy]

The part of me that was royally shafted by car phone warehouse and talk talk fills me with great joy that they have problems on there plate which they gave to me and did not give two hoots about.

However there is a part of me that is gutted that there customers have been exposed to this. Second time this year I believe.

Rubbish company with even worse customer services.

Hope it all works out well for you me man.

 

[SwingsitlikeHogan]

Anyone else with Talk Talk - i'm fuming!!!

Although the full extent of the cyber attack is unknown, how can this be allowed to happen???

What's the risk to the individual - have they told you?

I blame the Chinese - after all - aren't they here for a bit of Talk talk ?

 

[jdpjamesp]

Talk Talk here as well. The thing that gets me is they've claimed to have informed all their customers. As yet I have only seen what's in the media and what I've gone and found out myself. Fuming too. Will be leaving at the earliest opportunity to be honest.

 

[jdpjamesp]

What's the risk to the individual - have they told you?

No communication at all from them here. Useless. To be honest, the biggest risk is 2-fold: they have your account password - change it as soon as they bring the website back online. Secondly they have your credit card/bank details. More of an issue.

 

[SwingsitlikeHogan]

No communication at all from them here. Useless. To be honest, the biggest risk is 2-fold: they have your account password - change it as soon as they bring the website back online. Secondly they have your credit card/bank details. More of an issue.

That isn't good - but at least you have CC protection and like your bank - they are usually pretty good at spotting potentially fraudulent purchases or transactions on your account. But still not good.

A bit surprised that this has happened to a company like Talk Talk as they have to be PCI DSS (Payment Card Industry Data Security Standard) compliant - and as someone who has managed an organisation through it's annual PCI DSS compliancy audit I can confirm that it is very stringent. That said if the company seeking compliance is a bit lax or cost-cutting in maintaining it's compliancy between audits holes can occur and doors can open to the hacker.

 

[jdpjamesp]

The official announcement from Talk Talk: http://help2.talktalk.co.uk/oct22incident
Free credit monitoring for a year and an apology isn't really going to cut it is it.
To be completely safe I'd need to switch away from Talk Talk (will be anyway) and switch bank and credit card. What a faff.

 

[Tongo]

We're with them. Our account is with Mrs Tongo's bank account. Fortunately we dont have joint accounts otherwise i'd be seriously worried rather than just worried.

 

[jdpjamesp]

Joint account here. Nothing will be going out of that account without me checking what it is now until I get round to switching.

 

[Robster59]

Also with TalkTalk here. We've received no notification either.
It's a disgrace that a company like this should allow this to happen. There is obviously something seriously wrong with their security system that has allowed this to happen.
The account is held in my Partners name so she'll have to check everything. As it stands, we can't actually even remember our TalkTalk account password anyway but if they can get into TalkTalk, what can they do down the line into peoples computers?
I've put good antivirus and malware protection on my PC and also changed the router password.

But I've been looking to change provider over the last few weeks. This has tipped me over the edge now. I do think that TalkTalk penny pinch where they can. A non-UK call centre is an example. It could be something similar here.

I've also got a Skoda Superb which is going to be recalled because of their scandal.

I'm really worried about what the third thing will be!

 

[Imurg]

When are we, the general public, going to realise that none of the data we give to companies that is kept online is really safe.
Every month, it seems, there's a cyber attack somewhere in which passwords or bank details go "missing"...Joe Public gets reimbursed for any loss but end up paying more as security needs to be beefed up to combat the attacks.
Security should be so tight with this information that hacks fail.
Its not.

 

[SwingsitlikeHogan]

Also with TalkTalk here. We've received no notification either.
It's a disgrace that a company like this should allow this to happen. There is obviously something seriously wrong with their security system that has allowed this to happen.
The account is held in my Partners name so she'll have to check everything. As it stands, we can't actually even remember our TalkTalk account password anyway but if they can get into TalkTalk, what can they do down the line into peoples computers?
I've put good antivirus and malware protection on my PC and also changed the router password.

But I've been looking to change provider over the last few weeks. This has tipped me over the edge now. I do think that TalkTalk penny pinch where they can. A non-UK call centre is an example. It could be something similar here.

I've also got a Skoda Superb which is going to be recalled because of their scandal.

I'm really worried about what the third thing will be!

Companies can easily become complacent if year-on-year their annual PCI DSS compliancy audit does not identify any risks. The problem then is that procedures and resources required to maintain compliancy between audits are not followed or provided. That's why the risks open up - complacency, lax following of procedures, and penny-pinching (it takes a lot of time and effort to maintain compliancy)

 

[Dan2501]

When are we, the general public, going to realise that none of the data we give to companies that is kept online is really safe.
Every month, it seems, there's a cyber attack somewhere in which passwords or bank details go "missing"...Joe Public gets reimbursed for any loss but end up paying more as security needs to be beefed up to combat the attacks.
Security should be so tight with this information that hacks fail.
Its not.

This is a LOT easier said than done. This was a very complex hack which used a DDOS to mask a complex SQL Injection attack. The same method used to hack Sony, and other huge companies not that long ago. Cyber Terrorism is a massive issue that just isn't as easy to fix as "beefing up" security.

 

[Paul77]

People will find a way of getting what they want. I used to be with Talk Talk and to be honest I'd have hacked them too if I could manage it because they are a hopeless company and need to be taught how to do business. I actually bought my contract out in rage and out of pocket because of their utter incompetence to provide a service on any level.

Like Dan says, it's not difficult to do once you find the flaw. It's just that the folk who are in charge don't see there being a flaw and never get tested on it. The Sony one was a belter right enough.

 

[Foxholer]

When are we, the general public, going to realise that none of the data we give to companies that is kept online is really safe.
Every month, it seems, there's a cyber attack somewhere in which passwords or bank details go "missing"...Joe Public gets reimbursed for any loss but end up paying more as security needs to be beefed up to combat the attacks.
Security should be so tight with this information that hacks fail.
Its not.

Apart from the fairly obvious inability to guarantee total security, this is my view too. Even encryption of sensitive details is not foolproof!

Btw. I read somewhere - quite a while ago now - that many hacks are (at least assisted) by unhappy ex-employees. Quite possibly not the case now, or indeed this case, but definitely something companies need to be aware of!

 

[Rooter]

Nothing is safe, the hackers are always ahead of the game, I saw a machine built last week online that can hack 500,000 windows system passwords in 2 hours.

 

[Imurg]

This is a LOT easier said than done. This was a very complex hack which used a DDOS to mask a complex SQL Injection attack. The same method used to hack Sony, and other huge companies not that long ago. Cyber Terrorism is a massive issue that just isn't as easy to fix as "beefing up" security.

In which case they shouldn't be allowed to hold sensitive data.
If they can't absolutely guarantee security of information they shouldn't be allowed to hold it.

 

[garyinderry]

I've had an email from them.

Personally I find them fine to deal with. My only grip is they ring me constantly to try and upgrade my package. I've been fooled by those promises before

 

[HomerJSimpson]

Apparently this isn't their first or even second attack. They admitted their defences weren't robust. There's going to be serious repercussions especially once bank accounts etc get hacked. With hackers getting more sophisticated this issue will only get worse and I'm not convinced anywhere is truly safe anyome

 

[Stuey01]

In which case they shouldn't be allowed to hold sensitive data.
If they can't absolutely guarantee security of information they shouldn't be allowed to hold it.

No-one can absolutely guarantee the safety of data. It's an arms race between the hackers and the security people.