TalkTalk, one of UK’s large phone and broadband provider, has been hit by what authorities believe as a distributed denial of service attack. But what’s puzzling is the report on a data breach that affects millions of customers.
A DDoS attack usually results in a website shutdown due to the heavy volume of traffic coming to the site. Experts suspect the DDoS is only a front used by attackers to conceal their real intention of stealing data from the TalkTalk website.
According to initial reports, the breach could have allowed attackers to gain access to banking details and personal information of customers. Some of the compromised data could include names and addresses, email addresses, telephone numbers, TalkTalk account information and credit card. What’s alarming is that it is believed not all of these pieces of data are encrypted.
The UK’s Metropolitan Police has already launched inquiries, though no specific details about the breach have been released as of this moment.
A Russian Islamist group claimed responsibility for the attack according to an online announcement the group made. The announcement includes pieces of data that allegedly was stolen from the TalkTalk database.
Although it is known that TalkTalk customers’ data are stored in UK data centers, investigators have yet to determine the scope of the breach and how much information is protected by encryption. But if TalkTalk’s swiftness in making the announcement is any indication, we could surmise that the severity of the attack is high.
The attack not only has a negative impact on the company’s customer relationship, but also on its overall reputation. That means it will have a lot of trust recovery works to do ahead, though customers have been assured of the back-to-normal situation for its TV, broadband, mobile and phone services. Right now, the attack has downed the website for sales and customer account, but recovery efforts are underway.
TalkTalk has already reached out to customers in an effort to inform them about the breach. But some customers told local media outlets that they have not yet received any advisory. Some even lamented that they were unable to contact the TalkTalk customer services.
Historically, this is not the first time that TalkTalk has been compromised. The company’s mobile sales website also sustained attacks in August, resulting in the theft of customer data. Scammers were also able to cash in on unsuspecting customers earlier this year, and they did steal account numbers and names of clients.