TalkTalk customers' bank details potentially compromised in 'sustained cyber-attack'

Cut-price ISP TalkTalk subjected to third major cyber attack in less than a year

Accident prone internet service provider TalkTalk has been subjected to a "significant and sustained cyber attack" in which the credit card and bank details of its four million customers could have been compromised.

The company has only confirmed the attack and its potential severity in the past hour to the BBC, after its website and other services had been down for two consecutive days.

TalkTalk managing director Tristia Harrison said in a statement that it was possible that customer details may have been stolen in the attack. "There is a chance that some of the following data has been compromised: names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details," she admitted.

The company is working with "leading" cyber crime specialists and the Metropolitan Police's National Cyber Crime Unit "to establish exactly what happened and the extent of any information accessed", she continued.

CEO Dido Harding added: "TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations.

"We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday's attack."

However, Harding's security claims will ring somewhat hollow after the company was the target of an earlier attack at the end of 2014 and the beginning of 2015, which was only publicly exposed in February.

Furthermore, TalkTalk had only yesterday denied being the subject of a cyber attack when journalists questioned it over the website outage and problems that customers had been reporting accessing emails.

TalkTalk was founded by retailer Carphone Warehouse, but demerged from it in 2010. Some of its systems, though, are still run under contract by Carphone Warehouse. At the beginning of August this year, some TalkTalk customers received warnings that some of their personal details may have been exposed as part of a cyber attack against Carphone Warehouse.

Affected customers were offered free credit monitoring for a year to help them monitor whether their details might subsequently be exploited, either directly or via identify theft.

At the time, the company issued a statement admitting the attack, which concluded: "We take our customers' security very seriously, and we've already put in place additional security measures to prevent further attacks". [Our emphasis]