TalkTalk Help – Urgent!. If you are a TalkTalk customer please read!

Posted on October 23rd, 2015

This is NOT A HOAX.  Please share.

Website attack affecting our customers

3:30pm – 24/10/2015 – Latest Update

The investigations by TalkTalk and the Metropolitan Police Cyber Crime Unit into the cyber attack continue.  We can confirm that the latest update of our investigation is as follows:

  • This cyber attack was on our website not our core systems
  • We can confirm that we do not store complete credit card details on the website; any credit card details that may have been accessed had a series of numbers hidden and therefore are not usable for financial transactions eg 012345xxxxxx 6789
  • TalkTalk My Account passwords have not been accessed
  • We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account
  • The Metropolitan Police Cyber Crime Unit criminal investigation continues

All customers should:

  • Sign up to your free credit reporting service using this code: TT231. We have partnered with Noddle, one of the leading credit reference agencies, to offer 12 months of credit monitoring alerts for all TalkTalk customers. To sign up for Noddle and get your free credit monitoring alerts follow these steps.
  • Change your passwords – While TalkTalk My Account passwords have not been accessed, it would be prudent to change your TalkTalk password once this service is back up and running, and any other accounts that use the same password.  We will update as soon as services are restored
  • Report anything suspicious – Keep an eye on your bank account and report anything unusual to your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and can be reached on 0300 123 2040 or via http://www.actionfraud.police.uk
  • Stay vigilant – TalkTalk will NEVER call customers and ask you to provide personal details or passwords. Please take all steps to check the true identity of any organisation that calls requesting for personal information. You can call us on 0800 083 2710 or 0141 230 0707.

1:15pm – 24/10/2015

We are investigating reports that customers’ bank accounts have been affected as a result of this week’s criminal attack, although at this stage there is no evidence that this is the case.

We do know that there are a small number of customers who have previously been targeted by criminals and fallen victim to scams, and we are continuing to support those affected.

5:40pm – Update on Cyber Attack: Credit monitoring for all customers

We are continuing to work closely with the Metropolitan Police Cyber Crime Unit and security experts following the major criminal cyber-attack on our website.

At the same time, our priority continues to be explaining the steps you should take to protect yourselves.  We have emailed customers and continue to use the media and other channels to update you as the situation develops.

We know that issues like this can be worrying so we’ve partnered with Noddle, a credit reporting service from Callcredit, one of the leading credit reference agencies, to offer 12 months of credit monitoring alerts for free.  This service can now be activated by using the following code: TT231.

To sign up for Noddle and get your free credit monitoring alerts follow these steps.

We are also working hard to get our services back up securely so they are available for customers to use safely and securely as soon as possible.

We are extremely sorry for any concern and inconvenience this incident may have caused you.

Friday 2.00pm Update

We are very sorry to tell you that yesterday a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyber attack on our website on Wednesday 21st October.

Dido Harding, our Chief Executive, has been talking to the media last night and this morning, as this is the quickest way to get information to customers. We have also begun contacting all customers directly with full details and we will continue to update this page throughout the day.

What have we done since we identified we’d been attacked?

As soon as we realised this, we shut down the website and we’ve been working with leading cybercrime specialists and the Metropolitan Police Cyber Crime Unit to establish exactly what happened and whether any of your individual information has been accessed.

We have begun contacting every customer directly, but in the meantime we’re working with the media to ensure customers get the information they need as quickly as possible.

How have our customers been affected?

The investigation is still ongoing, but unfortunately there is a chance that some of the following data may have been compromised:

  • Names
  • Addresses
  • Dates of birth
  • Email addresses
  • Telephone numbers
  • TalkTalk account information
  • Credit card details and/or bank details
We’d like to reassure customers that we take the security of your data very seriously. We constantly review and update our systems to make sure they’re as secure as possible and we’re taking all the necessary steps to understand this incident and to protect them as best we can against similar attacks in future.

What we are doing right now?

  • We are contacting all our customers by email and letter straight away to let them know what has happened and we will keep them up to date as we learn more. Whilst we send those letters we’re working with the media to ensure customers get the information they need as quickly as possible.
  • Since we discovered the attack on Wednesday, we’ve worked to secure the website.
  • Together with cybercrime experts, the security services and the police, we’re continuing to complete a thorough investigation.
  • We have contacted the Information Commissioner’s Office to share details of the attack.
  • We’ve contacted the major banks, and they are monitoring for any suspicious activity on our customers’ accounts.
  • We are offering a year’s free credit monitoring for all of our customers and will be contacting customers with the details. Noddle (www.noddle.co.uk) also allows free access to your credit report for life.

What you can do

  • Keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via www.actionfraud.police.uk
  • If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.
  • Check your credit report with the three main credit agencies: Call Credit, Experian and Equifax.

Important notice

Please be aware, TalkTalk will NEVER call customers and ask you to provide bank details unless we have already had specific permission from you to do so.

TalkTalk will also NEVER

  • Ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems.
  • Call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk, discussed and agreed a call back for this to take place.
  • Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security.

We understand this will be concerning and frustrating, and we want to reassure you that we are continuing to take every action possible to keep your information safe.

Tristia Harrison
Managing Director (Consumer)
TalkTalk

23rd October 2015

 

What has happened here?

On Thursday 22nd October, a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on their Talk Talk website yesterday.

That investigation is ongoing, but unfortunately there is a chance some customer data may have been compromised. they are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed.

As a precautionary measure, Talk Talk,  are contacting all of their  customers immediately advising them on what to do.

What customer details may have been compromised?

The police are still investigating the exact circumstances of the attack and the extent of information accessed. There is a chance that some of the following customer data has been compromised:

  • Name
  • Address
  • Date of birth
  • Email address
  • Telephone number
  • TalkTalk account information
  • Credit card details
  • Bank account details

What are Talk Talk doing about it?

Talk talk  have been working around the clock with the police and cyber security experts to understand what happened, and what data was taken.

  • Talk Talk are contacting all of their clients customers straight away to let them know what has happened and will keep their clients up to date as more is learnt.
  • Talk Talk have taken all necessary measures to make their Talk Talkbsite secure again following the attack.
  • Talk Talk have contacted the Information Commissioner’s Office.
  • Talk Talk contacted the major banks, and they will be monitoring for any suspicious activity on customers’ accounts.
  • Talk Talk are looking to organise a year’s free credit monitoring for all of their customers and will be in touch on this in due course.

What should you do about it?

  • Keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via www.actionfraud.police.uk
  • If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.
  • Check your credit report with the main credit agencies: Call Credit, Experian and Equifax. Noddle also allows free access to your credit report for life.

When did this happen?

The attack took place on Wednesday 21st October.

As soon as Talk Talk noticed unusual activity on their website, Talk Talk took the site down in an effort to protect data. Talk Talk also immediately informed the Metropolitan Police Cyber Crime Unit, who are investigating the case.

How do I change my My Account password?

We’re still working to ensure My Account is safe and secure and for now, you won’t be able to login and change your password. Once My Account is back online, you’ll be able to change your password quickly and easily. Unfortunately, it’s only possible to change your password through our website – we can’t help if you call us about this. We’ll post an update here and on Twitter@TalkTalkCare as soon as My Account is available again.

How can I change my password if the site is down?

Changing your password is only possible through My Account, which is currently unavailable as a precaution while our investigations continue.

Whilst the site is down you don’t need to change your password as no one can get access. There are very clear instructions on our page and when the site is back up you will be able to go in and change it.

A lot of people tend to use the same password across numerous accounts so if you’ve used a talktalk password for other sites, we recommend you change the password on them as soon as possible.

Why did I hear about this from the news, not TalkTalk?

We started writing to every customer yesterday (Thursday), but rather than waiting for letters to arrive in the post we’ve been working with the media to ensure people get the information they need as quickly as possible. We’ve also published a guide on our website for customers which has further details on what has happened, what it means for customers and what we’re doing to resolve it.

How many people are affected?

We can’t be sure yet, it’s too early to say. Identifying the extent of information accessed is part of the investigation that’s underway.

What can they do with the data that’s been stolen?

They can’t take money from your bank account, but there is a risk they might use the data for identity fraud.

Customers need to be vigilant and keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via www.actionfraud.police.uk

If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.

Check your credit report with the main credit agencies: Call Credit, Experian and Equifax. Noddle also allows free access to your credit report for life.

Was the data encrypted? If not, why not?

Not all of the data was encrypted. We constantly review and update our systems to make sure they are as secure as possible. We’re working with the police and cyber security experts to understand what happened and protect as best we can against similar attacks in future.

What more could you have done to prevent this attack?

We believed our systems were as secure as they could be. We work with world leading security experts and update our systems constantly.

As soon as we realised the website was under attack, we pulled the website down in an effort to protect data. As a further precautionary measure, we contacted our customers straight away to warn them of the potential risk and provide advice on what to do.

Unfortunately these criminals are very smart and their attacks are becoming ever more sophisticated.

Who’s behind the attack? And what methods did the attackers use?

It’s too early to say. A formal investigation by the Metropolitan Police is underway to establish exactly what happened.

Why were you targeted?

Unfortunately TalkTalk is by no means an isolated incident. Barely a week goes by now without cybercriminals using increasingly hostile and sophisticated methods to target companies that do business online. It’s not just companies like TalkTalk that are being targeted, banks, retailers like Apple and even the US Government have been victims.

Why didn’t you stop this attack?

As soon as we realised the website was under attack, we pulled the site down in an effort to protect data. We work with world leading security experts and believed our systems were as secure as they could be.

As a further precautionary measure, we contacted our customers straight away to warn them of the potential risk and provide advice on what to do.

Is my data now secure?

We’ve taken steps to secure our website and we constantly review and update our systems to make sure they are as secure as possible. Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies that do business online are becoming increasingly frequent.

Are you confident your websites are now secure?

Since Wednesday we have carried out a thorough review with the help of leading cyber crime specialists and taken all necessary measures to secure our websites.

As cyber criminals will continue to target online businesses with hostile and sophisticated attacks, we are constantly updating our systems to make sure they are as secure as possible.

Can customers leave without penalty?

Obviously our main concern is to do right by our customers.

We don’t know exactly who has been affected at this point but as time goes on that will become clearer; we are warning as many people as possible right now as a precaution so our customers can be as safe as possible.

Our normal terms apply while we continue to find out exactly what has happened. We are working with cyber-crime specialists and the police to establish the extent of any information accessed and will share updates as and when we have them.

When will we have details of the free credit reporting for customers?

We are offering a year’s free credit monitoring with one of the three main credit checking agencies for all of our customers and will be contacting them with the details very soon

Is there a risk that ex-customers’ data may have been compromised?

We are working with the met police to investigate the cyber-attack and the extent of the info accessed.

There is a chance that previous TalkTalk customer’s details may have been compromised. For anyone concerned we have provided advice on our website and alerted the media to raise further awareness.

We are contacting all our customers by email and letter straight away to let them know what has happened and we will keep them up to date as we learn more

We recommend you change your password as soon as the site is back up.

It’s currently unavailable as a precaution while our investigations continue. Whilst the site is down you don’t need to change your password as no one can get in there. There are very clear instructions on our page and when the site is back up you will be able to go in and change it.

A lot of people tend to use the same password across numerous accounts. If you’ve used a talktalk password for other sites, we recommend you change them now.

Customers need to be vigilant and keep an eye on their accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via www.actionfraud.police.uk

If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.

You can check your credit report with the main credit agencies: Call Credit, Experian and Equifax. Noddle also allows free access to your credit report for life.

We’ve contacted the major banks, and they are monitoring for any suspicious activity on our customers’ accounts.