TalkTalk Has Been Criticised Over Its Handling Of Cyber-Attack
"We all need to be more vigilant," TalkTalk's CEO Dido Harding said.
TalkTalk faced continued criticism on Saturday as customers reported money missing from their accounts following this week's cyber-attacks.
On customer, Hilary Foster told the BBC she was missing £600 from her account. "I'm still very angry [about] the fact that my details are potentially out there somewhere on the internet and I'm going to have to keep checking my bank statements now for a long time," she said. Sarah Laird, the BBC said, told them her parents had lost £9,000.
While it was unconfirmed whether the losses could be attributed to this week's cyber-attack, several customers whose information had been leaked confirmed they were indeed TalkTalk customers when contacted by BuzzFeed News, and many more have reported receiving suspicious phone-calls since the attack.
Another customer, John Walter told The Telegraph that he had been contacted by someone claiming to be from TalkTalk and having his account details. "My partner gave them remote access to our laptop before realising it was a scam, and pulling the plug," he said. "But a virus had already been put on the computer and it's going to cost time and money to sort out."
Speaking on Sky News on Saturday afternoon, TalkTalk CEO Dido Harding encouraged customers to be "suspicious". She insisted that: "we will never call you out of the blue and ask you to give us this information."
"We all need to be more vigilant," Harding added.
In a statement on Saturday, TalkTalk tried to reassure customers that hackers would not have been able to access credit card details as the attack hit its website rather than core systems.
This cyber attack was on our website not our core systems.
We can confirm that we do not store complete credit card details on the website; any credit card details that may have been accessed had a series of numbers hidden and therefore are not usable for financial transactions eg 012345xxxxxx 6789.
TalkTalk My Account passwords have not been accessed.
We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account.
The Metropolitan Police Cyber Crime Unit criminal investigation continues.
But many felt not enough had been done to prevent the attack, the third of its kind on the phone and broadband provider this year.
On Friday Harding said she did not know how much of the company's data was encrypted.
Senior staff at the company had allegedly ignored warnings that its online security was lacking, The Times reported. A security consultant told the newspaper that he had been "fobbed off" by TalkTalk when he suggested that more of its online information should be encrypted.
Following the attack, British business leaders urged the government to do more to fight cybercrime. "The risks need to be reviewed regularly by the board of directors, who must ensure they know where the potential threats are coming from and are prepared in case the worst happens," Oliver Parry, the Institute of Directors' senior corporate governance advisor said.
As many customers wanted to terminate their accounts, TalkTalk said cases would be treated on an "individual basis," ThisIsMoney reported.
"We are not going to be able to make a decision on a compensation today. The police are still carrying out their investigation to establish what has happened and the extent of information accessed," a TalkTalk spokesperson said.
Harding said that "waiving standard terms & conditions is not something sensible I can do today."
As news of the incident broke on Thursday, a hacker who said they were in "Soviet Russia" published what they claimed was customer information to an online forum. "Prepare, secure your websites, secure your borders, secure your country, but jihad from us is coming," they said in an accompanying statement.
When BuzzFeed News contacted a selection of people on the list, they confirmed that they were TalkTalk customers.
The Metropolitan police said the investigation is ongoing and no arrests have been made yet.