A TalkTalk customer whose details have apparently been leaked following an attack on the broadband business' website has said he is "disgusted" with the "absolute joke of a company" after his name, phone number, email address, home address, bank details, and date of birth were published on the internet by hackers.
Ben Galloway, who works in sales in Belfast, said he was horrified to discover all his key personal details are now freely available online following the hack of one of Britain's biggest telecoms companies – and that he only learned of this when contacted by BuzzFeed News, rather than from the company.
"I'm absolutely disgusted that TalkTalk don't have the proper data protection for other people to go ahead and get access to all my details," said Galloway. "There could be a fraud committed with my details."
The Metropolitan police's cyber crime unit has launched an investigation into the hack on the company's website. In a statement, TalkTalk said that there is a chance that names, addresses, dates of birth, phone numbers, email addresses, account information, credit card details, and bank details of up to 4 million UK customers have been accessed by hackers. It is thought that all customers could be affected by the leak, although the company said is too early to tell.
Galloway's details had been included on a small sample list of data apparently leaked by the hackers to prove that the rest of the database was real.
As one of only a few individuals who appear to have had their details leaked so far, he was appalled that he had not been contacted by TalkTalk.
"They should have contacted me as soon as it happened rather than waiting for a journalist to tell me," Galloway said.
"There's obviously some sort of action that needs to be taken, like legal action."
Galloway, who said he recently cancelled his service from the phone and broadband provider after discovering he could get a cheaper deal elsewhere, said he would now never recommend people sign up with the business: "No, 110% no. They're an absolute joke of a company."
He said he had had no guidance from TalkTalk on what to do now that all his key personal and banking details were available online.
"What the hell do I do?" he asked.
In a note attached to Galloway's details was a message claiming to be from a hacker "in Soviet Russia".
"Prepare, secure your websites, secure your borders, secure your country, but jihad from us is coming," the hacker says in a statement accompanying the apparent leak of customer information.
We Have adapted To The Security measures Of The Web,, We Cannot Be Stopped. We Have Made Our Tracks Untraceable Through Onion Routing, Encrypted Chat Messages, Private Key Emails, Hacked Servers. We Will Teach our Children To Use The Web For Allah.. Your Hands Will Be Covered In Blood.. Judgement Day Is Soon
Your One Childrens Name Is Mohammed. Your Women Are being Taken Over By Us. Your Children are being Killed By Us For Being Shit On Earth.
WE Are In The Soviet Russia And Near Place, Your Europe, WE control Asia, We Control AMERICA
TalkTalk's CEO Dido Harding told the BBC that she had received an email demanding ransom money from the cyber-attackers, and believed that they were interested in bringing down the company's infrastructure as well as accessing customer data.
"It is hard for me to give you very much detail, but yes, we have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker," she said.
On Friday, a group of British business leaders urged the government to do more to take more action on cybercrime, telling the BBC that the police should make it an urgent priority. Oliver Parry, the Institute of Directors' senior corporate governance advisor said: "The risks need to be reviewed regularly by the board of directors, who must ensure they know where the potential threats are coming from and are prepared in case the worst happens."
But as Harding admitted that she didn't know how much of TalkTalk's data was encrypted, Parry recognised that it was ultimately up to companies to protect their customers' information.
The Metropolitan police said the investigation is ongoing and no arrests have been made yet.
"TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime impacting an increasing number of individuals and organisations," Harding said in a statement when the attacks were confirmed. "We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straightaway with information, support, and advice around yesterday's attack."