Beware the unexpected phone call

One of the dangers of this attack is that phone scammers offering to help fix computers may use the data to contact TalkTalk customers. They will often try to get customers to let them install software on their machine to help fix problems. This is little more than a scam, as the supposed problems will keep coming back and so will the requests for money to fix them.

Harrison does at least warn customers of that risk when she says: “[TalkTalk will also never] Call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk, discussed and agreed a call back for this to take place.” There is a very high risk of this happening and customers really should take care.

TalkTalk praised for the incident response

There are many ways to deal with this type of incident. Some companies deny it has happened and others try to dismiss it as a minor incident. The danger with these approaches is that customers will know something is wrong and will soon take to social media to discuss the issues.

In this case it appears that TalkTalk has done all the right things. It has made a public statement, warned customers and contacted the police and the Information Commissioner's Office.

In a statement received from Benjamin Harris, Managing Security Consultant at MWR InfoSecurity, he says: “It appears that TalkTalk have been proactive in this instance, and have done the correct things by issuing a public statement and involving the relevant authorities, allowing the attack to be investigated and thus limiting any further damage.

“Incident response is a necessity for most organisations. In this case, it is important that organisations are both proactive and honest about any security breaches, and that they enlist the correct help from the outset. Identifying the attack mechanism is an important step in mitigating the risk, and pre-emptive actions (such as immediately destroying an infected machine) could lose vital evidence that would be useful in identifying the actual impact.

“Organisations should also regularly test their incident response plans. For example, logging and monitoring systems may not be regularly inspected. Realising that a log collation server has not been working for months and has not recorded information relating to a breach can be very frustrating, and these issues can be avoided with regular inspection.”
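Harris's point about a log collation server silently failing for months is easy to guard against with a routine freshness check. The following is an added example written for this article, not code from TalkTalk, MWR InfoSecurity or the original piece: it assumes a syslog-like line format of `<ISO-8601 timestamp> <host> <message>`, and the host names, timestamps and log lines are constructed for illustration. It records the most recent event seen from each log source and flags any expected source that has gone quiet for longer than a chosen threshold, or that has never reported at all.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample lines as they might sit on a central log collation server.
# One host (fw-edge-01) stopped sending a day ago; mail-01 never appears at all.
SAMPLE_LOGS = """\
2015-10-20T09:00:01Z webfront-01 sshd[1201]: Accepted publickey for deploy
2015-10-22T14:12:45Z dbhost-02 postgres[871]: connection authorized: user=app
2015-10-21T08:30:00Z fw-edge-01 kernel: IN=eth0 OUT= SRC=203.0.113.5 DPT=443
this line is malformed and should be skipped
2015-10-22T14:15:03Z webfront-01 nginx[2002]: 203.0.113.9 "GET /login HTTP/1.1" 200
"""

# Hypothetical inventory of hosts that are expected to forward logs.
EXPECTED_HOSTS = ["webfront-01", "dbhost-02", "fw-edge-01", "mail-01"]

# Fixed "current time" so the example is reproducible offline (constructed).
NOW = datetime(2015, 10, 22, 15, 0, 0, tzinfo=timezone.utc)
MAX_SILENCE = timedelta(hours=24)


def last_seen_by_source(log_text):
    """Return {host: latest timestamp} parsed from '<timestamp> <host> <rest>' lines.

    Lines that do not have at least three fields or whose first field is not an
    ISO-8601 UTC timestamp are skipped rather than aborting the whole check.
    """
    latest = {}
    for line in log_text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue
        ts_text, host = parts[0], parts[1]
        try:
            ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:
            continue
        if host not in latest or ts > latest[host]:
            latest[host] = ts
    return latest


def stale_sources(expected_hosts, latest, now, max_silence):
    """Return sorted (host, hours_silent) pairs for every expected host that is stale.

    hours_silent is None for a host that has never reported; otherwise it is the
    number of hours since its most recent event, rounded to one decimal place.
    """
    stale = []
    for host in expected_hosts:
        seen = latest.get(host)
        if seen is None:
            stale.append((host, None))
        elif now - seen > max_silence:
            stale.append((host, round((now - seen).total_seconds() / 3600, 1)))
    return sorted(stale)


def run_check():
    """Run the freshness check over the constructed sample data."""
    return stale_sources(EXPECTED_HOSTS, last_seen_by_source(SAMPLE_LOGS), NOW, MAX_SILENCE)


if __name__ == "__main__":
    for host, hours in run_check():
        if hours is None:
            print(f"{host}: no events ever received")
        else:
            print(f"{host}: silent for {hours} hours")
```

In a real deployment the same check would run against the live collector on a schedule and raise an alert for every stale source, so that a forwarding failure is noticed within a day rather than discovered during a breach investigation. Note that the threshold should be tuned per source type: a firewall that normally logs every second and a backup host that logs once nightly deserve different values.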

Conclusion

While we wait to see exactly what went wrong, it appears that TalkTalk are trying to deal with the problem quickly. There will be questions around whether data was or was not encrypted, especially as Harrison does not talk about the issue. Customers will also wonder why TalkTalk hasn't offered to pay for credit checks.
