UK ISP TalkTalk Confirm Loss of 101,000 Subscribers After Cyber-Attack

As feared last year’s cyber-attack (here) had a significant impact upon TalkTalk, albeit not nearly as big as some had predicted (here), with today’s vague trading update reporting that the ISP’s on-net subscriber base declined by -101,000 during the final quarter of 2015 (calendar).

The ISP’s reputation was hit hard by last October’s attack, which exposed a significant number of customers and their personal details to abuse by hackers. The situation might not have been so bad had the provider not also suffered two very similar prior incidents, including one in 2014 that they were infamously slow to confirm.

TalkTalk had previously estimated that the financial impact of the Cyber-Attack alone could be £30-35m, although today’s extremely vague trading update (the ISP now only publishes two detailed reports every year) gives us some fresh detail. Sadly we don’t get a full breakdown of subscribers and won’t see that until the Q1 2016 (calendar) results.

TalkTalk’s Cyber-Attack Impact (Financial)

As a result of a c£15m trading impact arising from Q3 disruption (higher churn and foregone revenues, offset by SAC savings on lower connections) and a c£20m impact from the lower customer base with which we entered Q4 and reprioritisation of certain Making TalkTalk Simpler activities, we now expect FY16 EBITDA of £255m – £265m.

The exceptional costs of restoring our online capability with enhanced security features, associated IT, incident response and consultancy costs, and free upgrades, are expected to total £40m-£45m.

Since then a number of individuals have been arrested in connection with the attack and a separate security review also resulted in the arrest of several people at TalkTalk’s outsourced Wipro call centre in India (here), where three customer service agents were found to have abused private customer details in order to con people out of money.

At the same time TalkTalk has also been slowly improving the security of their website and they’ve also offered a lot of free incentives (here) to their existing subscribers in an effort to appease concerns. Apparently this was well received: “The unconditional free upgrade offer that we made available to all customers drove high levels of engagement with a 14% (489k) take-up rate, improved trust in the brand (+14%), and increased brand consideration (+22%).”

Dido Harding, CEO of TalkTalk, said:

“It is encouraging to see the business returning to normal after a challenging quarter that was dominated by the cyber attack. Our customers have responded well, with almost half a million customers choosing to take up our unconditional offer of a free upgrade.

Both churn and new connections recovered during December and January and independent external research has revealed that customers believe that we acted in their best interest. In fact trust in the TalkTalk brand has improved since just after the attack and consideration is higher now than it was before the incident.

Looking forward, we expect to deliver a material step up in profits in H2, with full year results in line with market consensus. With a renewed focus on our existing customers and the benefits of our transformation programme, we expect to deliver a further material improvement in profits in FY17. As the value for money telecoms provider we are well placed to benefit from the current regulatory reviews in the sector and expect to see quad play driving sustainable long term growth.”

Aside from that TalkTalk also reported “strong volume growth in Fibre [FTTC]” (+54,000) and more “modest growth” in Mobile (+13,000, excluding SIMs taken up as part of the free upgrade offer).

However we also note that some of TalkTalk’s subscribers had wanted to leave after the cyber-attack, but were prevented from doing so due to still being held under contract. As such we perceive that there could be a longer term threat via customer bleed (churn) as contracts come to an end, although such things usually heal with time.