Oh no, not again. TalkTalk has found itself in yet more hot water over their security after the ISP admitted that private information being held by its own “BrightSparks” engineers (NOT Openreach) had been compromised and strategically abused to defraud several subscribers.
At this point we’ve started to lose track of the ISPs security fails, but sadly here’s another one to add to last year’s huge cyber-attack (here) and of course the recent abuse by Wipro’s call centre staff in India (here) that may or may not be related to today’s news.
The latest situation began last November after criminals attempted to steal money from several of the ISP’s customers, often only a day after they had been visited by one of TalkTalk’s broadband engineers. During the visit the engineer told the customers to expect a follow-up call the next day, which occurred as planned, but the BBC’s Radio 4 Money Box programme notes that all was not what it seems.
Apparently the follow-up call, which confirmed accurate details of the earlier visit (i.e. the caller clearly had access to the subscriber’s information), then proceeded to trick TalkTalk’s customers into allowing them to take control of their computers by installing Malware for the purpose of carrying out fraudulent activity.
As if the situation couldn’t get any worse the ISP initially refused to acknowledge that the call had even taken place, although this was perhaps a result of the fraudsters working to cover their tracks or possibly not even using the official call centre. In a brief statement the ISP said it was “sorry” for the problems and confirmed that they had also notified the Information Commissioners Office (ICO).
Crucially it’s unclear if the recent Wipro arrests are related to today’s news and TalkTalk will not comment until the investigation has concluded. Unfortunately this isn’t the end of the story because another customer told the same radio show that they too had suffered a similar indecent, which occurred only last week. TalkTalk claims not to have received any further complaints about this issue since last year, so hopefully the one who called into Money Box is promptly moving to update them.
Comments are closed.
I’m sure I vaguely recall something similar to this in the past? Can’t say it was TalkTalk for sure though but I do remember something about customer data being carried around by engineers and left in clear sight of other customers?
TalkTalk is fit for the bin, I don’t even think Dido’s spin can save it now
KCOM, I believe.
That’s the one 🙂 thanks
TalkTalk will carry on, but they need to start learning quick. What’s this about [intricate] indecency though Mark, the auto-filters will be having your site banned.
The scary thing about this is that the fraudsters obviously had near REAL TIME access to the data; calls were made the next day; so this isnt the result of a standard database hack, but someone with consistent, daily access to TT systems.
I have Scammers who ring me and tell me that they are from Talk Talk technical department, they are able to quote MY NAME, MY ADDRESS, MY PHONE No, MY TALK TALK ACCOUNT No.
They didn’t get this information from me