TalkTalk call-centre workers arrested over customer records security breaches
TalkTalk to 'review' relationship with outsourcer Wipro after call-centre worker arrests
Workers at one of TalkTalk's outsourced call centres in India have been arrested over allegations of security breaches involving customer records.
Police in India have arrested three employees of TalkTalk contractor Wipro, who have been accused of stealing customer data, which has subsequently been used in a bid to scam customers.
And TalkTalk is threatening to tear up its contract with Wipro in response.
TalkTalk customers have complained for more than a year that they have been plagued by nuisance calls from people with inside information, including names, addresses and account numbers, claiming to be "technical support". Some have been taken in by the scammers and lost thousands of pounds in the process.
The company has been subjected to at least three known, serious cyber attacks over the past year or so, including one via its former parent company, Carphone Warehouse, now part of the Dixons Carphone group.
The most recent attack in October, meanwhile, involved a SQL injection crack and distributed denial-of-service (DDoS) attack, in which customer information was exfiltrated and the company's website taken down for two days. In the aftermath, TalkTalk admitted that some customer passwords might not have even been encrypted. However, the company claims that following a forensic investigation, "only" 156,959 customer accounts were compromised - not the millions that were originally claimed.
The arrests following an investigative report by Channel 4 television, which tracked down one TalkTalk customer's scammers to Kolkata, the city where Indian IT services giant Wipro handled its contract with TalkTalk. "Wipro's name came up in the course of my investigation into her case, and now it seems Indian police are extending their inquiry into the firm," claimed Channel 4 in a report.
TalkTalk said in a statement: "Following the October 2015 cyber attack, we have been conducting a forensic review to ensure that all aspects of our security are as robust as possible, including that of our suppliers.
"As part of the review, we have been working with Wipro, one of our suppliers, and the local police in Kolkata. Acting on information supplied by TalkTalk, the local police have arrested three individuals who have breached our policies and the terms of our contract with Wipro.
"The same site handles calls on behalf of a number of multinationals and our security teams will be sharing the details with them to ensure they can check their own operations. We are also reviewing our relationship with Wipro."
Ironically, TalkTalk outsourced a number of customer-relationship functions to Wipro after becoming overwhelmed by complaints over poor service.
The scammers used the information stolen from TalkTalk's CRM systems while working for Wipro to contact subscribers while pretending to be TalkTalk customer support.
Iain Frater, a TalkTalk customer and trainee doctor from Glasgow, was one target. He told the Guardian: "They had all the details you would expect TalkTalk to have at hand, including name, address, phone number and TalkTalk account number. The guy really sounded like he was in a TalkTalk call centre."
The scammers then attempted to direct Frater to a "technical support" website where, it is suspected, he would have been tricked into downloading malware onto his computer. Frater, however, says that he became suspicious when the scammer was unable to answer simple questions.
"I checked his name, job title and office location. I also asked if I could call back TalkTalk myself and be transferred to another representative. I tried to cut the call there, but I was then subjected to threats about what might happen if I hung up, including the possibility that my computer would blow up and kill me," he told The Guardian.
More than a quarter of a million customers have reportedly abandoned the company since the attack in October - although it somehow gained 100,000 at the same time - and the company has resorted to advertising free broadband in a bid to arrest its decline. According to market analysts Kantar, BT was the biggest winner, with one-fifth of TalkTalk defectors switching to the giant telco.