TalkTalk CEO receives ransom note from alleged cyber-hackers

© Stefan Wermuth
The bank details of 4 million customers of British ISP TalkTalk may have been exposed following a “significant and sustained” cyber-attack on the firm’s website. A former detective has suggested Islamic extremists could be to blame.

The attack, believed to have occurred on Wednesday, has left TalkTalk customers around the world in fear as the firm admits it does not know how many people have been affected.

The telecommunications company said there is a chance personal data including credit card details, email addresses, names, telephone numbers and dates of birth have been accessed by hackers.

This is the third cyber-attack to hit the firm in the past 12 months.

TalkTalk has confessed “not all of the data was encrypted” but it believes its systems are “as secure as they could be.”


TalkTalk customer Amandine said she is “upset” to hear about the cyber-attack.

I don’t know yet if my details have been stolen for sure. I hope not,” she told RT.

I’m upset and I hope it won’t affect my internet service too.

If people are smart enough to hack TalkTalk they are not going to use the data right now and will wait for people to forget about it.”

The London based customer, who has been with TalkTalk for 6 months, said she is disappointed with the firm for not telling her immediately and failing to encrypt her data.

Attacks can happen, we all know that, but I am not sure their crisis communication worked well. I first heard about it over the news.

What a disappointment to see they didn’t even encrypted our personal data.”

TalkTalk customer Sarah, who has been with the provider for 5 years, told RT she feels vulnerable.

Still no direct email from TalkTalk so having to rely on the news,” she said.

I feel vulnerable and, obviously, I’m very concerned. They presumably have every detail about me from TalkTalk. I can’t believe that TalkTalk didn’t encrypt all information.

I would definitely consider leaving. I chose them over Sky (and Virgin isn’t available in my area). I will definitely explore other options and hope that they would be considered to be in breach of contract.”

'Ransom note' 

It has emerged that TalkTalk’s chief executive Dido Harding received a ransom email from someone claiming to be behind the cyber-attack.

Speaking to the BBC on Friday, Harding said: “It is hard for me to give you very much detail, but yes, we have been contacted by, I don’t know whether it is an individual or a group, purporting to be the hacker.”

All I can say is that I had personally received a contact from someone purporting – as I say I don’t know whether they are or are not – to be the hacker looking for money.

If you’re a cyber-criminal, the days of stealing data and then selling it for cash in the dark web – they’re not so profitable as they used to be.

And I do think that you see more cyber criminals wanting to effectively make money by extorting the companies that hold that data, and there’ve been a number of incidents just this week.

‘Extremely serious’ 

The firm said it is working with police to establish what happened.

We are continuing to work with leading cybercrime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed,” the company said in a statement on Thursday night after revealing the attack.

Harding said the company is taking this attack “extremely seriously.”

We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here,” she said in a statement.

TalkTalk was informing its customers immediately about the attack as a precaution,” she added.

Harding said TalkTalk informed customers 34 hours after it became aware of the attack as it “needed the facts first,” ITV reports.

The firm has instructed customers to keep an eye on their bank statements, contact their bank if they notice anything unusual and be weary of people contacting them asking for their personal details.

‘TalkTalk should have reported hack sooner’  

UK Information Commissioner Christopher Graham said TalkTalk should have reported the incident “much sooner.”

Although it began on Wednesday, the Information Commissioner’s Office (ICO) was only informed of the cyber-attack at 4.30pm on Thursday.

Graham said the ICO will examine the delay in its investigation into the data breach.

There isn’t an off-the-peg solution that renders everything secure and in some cases encrypting everything would probably be excessive,” he told ITV.

But the big civil monetary penalty we imposed on the Sony Corporation for the PlayStation incident was involving the lack of encryption of customer data and that cost them £200,000. People have got to take this seriously,” he added.

The ICO said it will be liaising with police and offering TalkTalk customers advice.

The ICO is aware of this incident, which was reported to us on Thursday afternoon. We will be making enquiries and liaising with the police,” it said.

Any time personal data is lost there can be a risk of identity theft. There are measures you can take to guard against identity theft, for instance being vigilant around items on your credit card statements or checking your credit ratings. There are tips and information about identity theft available on our website,” it added.

‘Unsure if former customers have been hacked’ 

In an interview with BBC News on Friday, Harding admitted she is unsure if former TalkTalk customers have fallen prey to the cyber-attack.

When asked why some customers only heard about the attack on the news, she said: “We decided to use the media to reach our customers faster.”

Harding also said it is “too early” to say customers would be compensated or allowed to leave TalkTalk without paying a penalty.

‘Islamic terrorists behind it’ 

Former Scotland Yard cyber-crime detective Adrian Cully suggested the attack could be related to Islamic terrorism after a group claimed responsibility for the attack.

A statement from the group published on social media said “we cannot be stopped.”

We have adapted to the security measures of the web. We cannot be stopped. We have made our tracks untraceable through onion routing, encrypted chat messages, private key emails, hacked servers,” it said.

We will teach our children to use the web for Allah. Your hands will be covered in blood. Judgement day is soon,” it added.

We are in the Soviet Russia and near place, your Europe, we control Asia, we control America.”

Speaking to the BBC’s Radio 4 Today program on Friday, Cully said: “They [the group] are claiming to be from Soviet Russia and be an Islamic cyber jihadi group.”

They have posted on to Pastebin information that appears to be TalkTalk customer private information,” he added.

The alleged hackers appear to have published around a hundred emails and home addresses under their statement to prove they are the cyber-attackers.

Hidden in the text, there is a line which reads: “Prepare, secure your websites, secure your borders, secure your country, but Jihad from us is coming, Muhammed rises, salat fellow brother.”

The Metropolitan Police Cyber Crime Unit has said it is aware of speculation regarding alleged perpetrators.

This case is just one example of the new generation of criminality my team are dedicated to tackling. We continue to lead on this investigation but are working with the National Crime Agency (NCA),” it said in a statement.

Operation Falcon sees a more focused and joined-up approach by the MPS, the business industry and other law enforcement agencies to ensure that we quickly identify the issue - in this case alleged data fraud - and immediately set about working to protect the public, designing out the crime and arresting the culprits.”

We are aware of speculation regarding alleged perpetrators; this investigation remains at an early stage; a full assessment of the alleged data theft is ongoing.”

‘TalkTalk shares sink’ 

It has emerged that TalkTalk’s shares sank 3.9 percent in the first few minutes of trading on Friday, hours after the cyber-attack was revealed. It has now declined by up to 9 percent.

Commenting on this, one Twitter user said it is “about time companies paid compensation for their breach of duty of care.”

Labour MP for Newcastle Central Chi Onwurah urged TalkTalk to “take responsibility for long term customer support.

V [very] worrying that TalkTalk have suffered another data breach, they must take responsibility for long term customer support and follow up,” she said on Twitter.

I find this advice confusing – TalkTalk will ring customers and ask for bank details if ‘permission’ given’??,” she added.

A Scotland Yard spokesman said: “There have been no arrests and enquiries are ongoing. We are aware of speculation regarding alleged perpetrators; this investigation remains at an early stage; a full assessment of the alleged data theft is ongoing.”