TalkTalk

We know it’s been a worrying and frustrating time since Wednesday’s cyber attack on our website. We’re doing everything we can to get to the bottom of what happened as soon as possible and to keep you updated. Our investigations are currently showing the following:
  • The number of customers affected and the amount of data potentially stolen is smaller than originally thought. Our website was attacked, but our core systems weren’t and remain secure.
  • On its own, none of the data that may have been accessed could be used to leave you financially worse off.
  • We don’t store unencrypted credit or debit card data on our site, so any card details which may have been accessed have the 6 middle digits blanked out. For example, it would appear as 012345XXXXXX6789. This means it can’t be used for financial transactions.
  • No My Account passwords have been accessed.
  • No banking details were taken that you won’t already be sharing with people when you write a cheque or give to someone so they can pay money into your account.
We will continue investigating and promise to keep you updated as we know more. In the meantime, we strongly encourage that you:
  • Sign up to your free credit reporting service using this code: TT231. We have partnered with Noddle, one of the leading credit reference agencies, to offer 12 months of credit monitoring alerts for all customers. You can find out more at www.talktalk.co.uk/secure.
  • Stay vigilant – TalkTalk will NEVER call customers and ask you to provide personal details or passwords. Please take all steps to check the true identity of any organisation that calls requesting personal information. If you have any doubts, please call us on 0800 083 2710 or 0141 230 0707.
We are sorry for the concern this week’s attack has caused, but want to reassure you that we are doing everything possible to keep your information safe.

For more information, please visit: www.talktalk.co.uk/secure.

Yours sincerely,
Tristia Harrison
Managing Director, Consumer
TalkTalk Telecom Limited, 11 Evesham Street, London W11 4AR. Registered in England & Wales No. 4633015

TalkTalk cyber-attack: Website hit by ‘significant’ breach – BBC News

Banking and personal details of up to four million TalkTalk customers may have been stolen in a “sustained” cyber-attack on its website, the company says.

Source: TalkTalk cyber-attack: Website hit by ‘significant’ breach – BBC News


Businesses beware of new cyber scams

Businesses are at risk of being targeted by the latest cyber scams affecting Apple, Android, Adobe Flash, Windows 10 and email users.

In a report issued by the UK’s national fraud and internet crime reporting centre, the most recent threats are outlined along with preventative measures and solutions, as suggested by Action Fraud.

First of the outlined threats is an Apple OS X hack: attackers have been taking advantage of a new bug known as DYLD, installing malware and adware on Macs without the need for a password or administrative permissions. A patch is currently being created to fix this, and Action Fraud recommends keeping a look out for OS X updates.

Apple has also fallen victim to its first firmware worm, known as Thunderstrike 2 (firmware is the control programme for a device). After being downloaded onto a computer (via phishing emails, malicious websites etc.), the worm infects accessories connected via a Thunderbolt connection.

It then targets and lives in the firmware of a device and can evade a whole system reboot. To combat this, ensure all updates are enabled and avoid using untrusted Thunderbolt devices in your Mac.

The second is a vulnerability that has been detected in Android OS. It causes a device to constantly reboot itself when triggered by an app or a specially crafted website. The trigger prompts the user to play a media file (.MKV) via the media server plugin, which is then exploited, causing the device to be stuck in a reboot cycle.

To counteract this, the device needs to be rebooted in Safe Mode by holding the power button down and pressing the Power off option, until you see the pop-up box asking you to restart in Safe Mode.

A patch for this should be released soon and Google has classified this only as a low level vulnerability.

The third scam involves fake Windows 10 upgrade emails being sent out as part of a new spam campaign which, once opened, infects victims with ransomware. The email comes from update@microsoft.com and the attachment is named “Win10Installer.zip”.

To avoid becoming victim to the upgrade scam, Action Fraud suggests regularly backing up your files to an external hard drive that is disconnected from your computer when not in use. Avoid downloading any attachments claiming to be Windows 10 upgrades and only download the new OS from either the Microsoft website or the update icon at the bottom corner of the screen.

The fourth scam is a vulnerability reportedly affecting Adobe Flash. This had originally been patched by Adobe on the 14th July, but is now back. A group of hackers have bought ads across Yahoo’s sports, news and finance sites and they are now exploiting Adobe Flash extensively in a Yahoo “malvertising” campaign.

When a computer – in this case one running Windows – visits a Yahoo site, it downloads malware code.

From there, the malware hunts for an out-of-date version of Adobe Flash, which is then used to commandeer the computer – either holding it for ransom until the hackers are paid off, or discreetly directing its browser to websites that paid the hackers for traffic.

So far this is reported to have claimed at least 950,000 victims worldwide with an unprecedented success rate. Ensure Adobe Flash player is updated regularly and enable the “ask to activate” feature.

Lastly, a Distributed Denial of Service (DDoS) attack has been reported to the Internet Crime Complaint Centre, following an increased number of complaints from businesses reporting extortion campaigns via e-mail.

In a typical scenario, the victim business receives an e-mail threatening a DDoS attack on its website unless it pays a ransom.

Action Fraud recommends refraining from opening unknown emails and reporting any emails to: www.actionfraud.police.uk.

Article courtesy of Gloucester Punchline