TalkTalk data breach exposes significant security gaps

The UK ISP, TalkTalk has announced that four million subscribers may have become victims of yet another large scale data breach following a “sustained cyber-attack”.

TalkTalk said potentially all customers could be affected but it was too early to know what data had been stolen.

James Maude, Senior Security Engineer at Avecto said the breach called into question the state of cyber security at some of our biggest organizations:

“This is an ongoing issue for large businesses who seem to be increasingly unable to safeguard user’s data. Often a fairly static security program and reliance on out of date technologies is the root cause. We have accepted that threats evolve and change rapidly and yet we fail to evolve defences, often organizations are applying generic solutions to unique targeted attacks.

“The implications of these breaches are far more wide ranging than users realise. We expect to see a number of phishing scams pretending to be from TalkTalk asking users to click links, enter details or download attachments to appear in the next week. With the level of detail stored by the ISP, such as address, bank details and date of birth this could be just the start of problems for TalkTalk customers who could be targeted for year to come.

“TalkTalk will have a number of questions to answer in the next few months including whether the data was encrypted and how a breach on this scale has happened again after all the warning signs in the industry.”