Parliament to open inquiry into data security following TalkTalk breach
MPs to look at the 'nature, role and importance of encryption' at the same time
The Culture, Media and Sport Committee is to open an inquiry into the security of online data following the TalkTalk cyber attack at the end of October in which the personal details of more than a million customers were exposed.
The Committee claims that it will use its powers to find out more about the circumstances of the security breach, including:
- "The nature of the cyber-attacks on TalkTalk's website and TalkTalk's response to the latest incident;
- The robustness of measures that telecoms and internet service providers are putting in place to maintain the security of their customers' personal data and the level of investment being made to ensure their systems remain secure and anticipate future threats;
- The nature, role and importance of encryption in protecting personal data;
- The adequacy of the supervisory, regulatory and enforcement regimes currently in place to ensure companies are responding sufficiently to cyber-crime;
- The adequacy of the redress mechanisms and compensatory measures for consumers when security breaches occur and individuals' personal data are compromised;
- Likely future trends in hacking, technology and security."
Evidence will be heard later this month. The inquiry will be conducted alongside the "Establishing World-Class Connectivity Throughout the UK" inquiry.
"The recent events have highlighted serious issues relating both to existing cyber-security and the response to cyber-crime. This Committee is concerned with the attacks on TalkTalk specifically as a telecoms and internet service provider, but with the recent move of the Information Commissioner's Office to the Department for Culture, Media and Sport, we will also be looking more widely at the security of personal information online," said Committee Chair Jesse Norman MP.
Following four arrests this week and last week, it would appear that TalkTalk succumbed to a relatively simple SQL injection attack perpetrated by "script kiddies", rather than a more sophisticated attack by knowledgeable operators.