TalkTalk hush-hush on compo for up to 4 million customers after mega cyber attack

Harding jockeys for understanding and forgiveness

TalkTalk YouView set top box launch

TalkTalk boss Dido Harding went from one Blighty news broadcaster to another on Friday, admitting that the budget telco had screwed up but declining to commit to compensating customers affected by the major criminal attack on its system.

The ex-jockey claimed that it was too early for TalkTalk to know the extent of the security breach and its direct impact on the ISP's four million subscribers.

She told Channel 4 News: "The worse case scenario is that all of our customers details have been stolen."

Harding added that "world class external experts" were sifting through "millions of lines of data [and] the millions of databases." But she later corrected that number to "literally hundreds of databases".

TalkTalk's boss admitted that the company had failed to spend enough money on cyber security, prior to the attack on its systems.

She claimed to Channel 4 News: "My judgement was that it was better to inform our customers early."

However, it was a different story a few days ago when The Register first asked TalkTalk about its mystery outage back on Wednesday. In fact, the firm was tight-lipped about what had gone wrong.

Harding also declined to comment on pay-outs to subscribers who may have had their data plundered – including the possibility of bank details and other personal information being nicked – following the attack.

"It's too early for me to talk about compensation because I don't know precisely who's been affected and in what way," she told the broadcaster on Friday night.

"We have to look at things case-by-case and I do need to have the facts before I can just make a broad commitment like that," she said. "We need to understand precisely what information has been stolen and precisely what customers [are affected]."

Despite Harding's claims that TalkTalk had acted quickly to inform people of the attack, the UK's data watchdog only learned of the breach on Thursday afternoon. Information Commissioner Christopher Graham said yesterday that TalkTalk should have alerted the regulator sooner.

Fake Cisco spam floods TalkTalk accounts. Coincidence?

In the hours before TalkTalk took down its website, El Reg had asked the telco to explain why it was that so many of its customers had been inundated with hundreds of fake Cisco spam messages in their mailboxes.

We also wanted to know what TalkTalk had planned for its email system, following this tweet to a customer:

The dodgy missives had been flooding TalkTalk email account for weeks in the lead up to the attack.

El Reg still awaits a response to these questions from TalkTalk. Today, we've asked it if this spam had any relation to the attack. But at time of writing, we hadn't immediately heard back from the telco. ®

Update

In response to our question about the fake Cisco spam and whether it was related to the attack on the company's systems, a TalkTalk spokesbeing told the Reg on Saturday afternoon: "As far as we know this isn't connected."

The Register has created a timeline of TalkTalk's contradictory comments following on from the initial announcement of a website outage.




Biting the hand that feeds IT © 1998–2018