Statement by TalkTalk PLC on Cyber Attack

22/10/2015

Today (Thursday 22nd October), a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website yesterday. That investigation is ongoing, but unfortunately there is a chance that some of the following data has been compromised: names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details. We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed.

Dido Harding, CEO, said: “TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday’s attack.”

The following letter has been shared with TalkTalk customers:

We are very sorry to tell you that on Thursday 22nd October a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website on Wednesday 21st October. The investigation is ongoing, but unfortunately there is a chance that some of the following data may have been accessed:

  • Names
  • Addresses
  • Date of birth
  • Phone numbers
  • Email addresses
  • TalkTalk account information
  • Credit card details and/or bank details

We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed.

We would like to reassure you that we take any threat to the security of our customers’ data very seriously. We constantly review and update our systems to make sure they are as secure as possible and we’re taking all the necessary steps to understand this incident and to protect as best we can against similar attacks in future. Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent.

What we are doing:

  • We are contacting all our customers straight away to let them know what has happened and we will keep you up to date as we learn more.
  • We have taken all necessary measures to make our website secure again following the attack.
  • Together with cyber crime experts and the Metropolitan Police, we’re completing a thorough investigation.
  • We have contacted the Information Commissioner’s Office.
  • We’ve contacted the major banks, and they will be monitoring for any suspicious activity on our customers’ accounts.
  • We are looking to organise a year’s free credit monitoring for all of our customers and will be in touch on this in due course.

What you can do:

  • Keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via www.actionfraud.police.uk
  • If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.
  • Change the password for your TalkTalk account and any other accounts that use the same password
  • Check your credit report with the three main credit agencies: Call Credit, Experian and Equifax. Noddle also allows free access to your credit report for life.

Please be aware, TalkTalk will NEVER call customers and ask you to provide bank details unless we have already had specific permission from you to do so.

TalkTalk will also NEVER:

  • Ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems.
  • Call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk and agreed a call back for this to take place.
  • Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security.

We understand this will be concerning and frustrating, and we want to reassure you that we are continuing to take every action possible to keep your information safe. If you have any questions, please visit http://help2.talktalk.co.uk/

If you’re a customer and would like more information, go to our guide http://help2.talktalk.co.uk/oct22incident

If you are a member of the media, you can contact:

Our press office details: 0203 417 1867, alternatively you can email us at press.office@talktalkplc.com

Tulchan Communications: Talktalk@tulchangroup.com / 0207 353 4200

Back to Press release