TalkTalk breached for a third time in 12 months
There is an increasing awareness of the importance of cyber security: a top British professor recently admitted that cyber hackers now pose a greater threat to UK national security than nuclear weapons. Such an admission might lead one to expect that legal measures would be in place to deal with the growing importance of the cyber-sphere. Unfortunately for the UK, that does not seem to be true, with the legislature seemingly slow to react to the current state of affairs.
The 1998 Data Protection Act compels companies to 'consider' data encryption, and there is a legal requirement that corporations implement stable security measures to prevent personal data from being compromised, intentionally or accidentally. Another major data breach has prompted questions about the adequacy of this legislation in 2015.
Such questions have arisen as a result of TalkTalk's latest woes. The company, which supplies four million subscribers with internet services, has suffered a third data breach in less than 12 months. As a major UK phone, broadband internet and television provider, the telecommunications outfit is entrusted by its customers with sensitive personal data such as bank and credit card details, names, birth dates, and email and postal addresses. Chief Executive Dido Harding's admission of ignorance as to whether the data stolen by hackers was encrypted has led to louder calls for updated guidelines on what companies should do to safeguard consumer information. Third party researchers have long noted that TalkTalk has failed to comply with current web security standards dealing with credit card payments and personal details, a fact that has contributed to its continued failure to combat data theft.
An attack is said to have taken place on Wednesday 21st October; TalkTalk claims to have noticed unusual activity on its website, which prompted it to take the site offline. On Friday 23rd October the company admitted to having received a ransom demand from the alleged hacker. Third party sources claim that the ransom was for $122,000, with the attackers threatening to leak the data if payment was not made. Evidence of the data was provided in the form of a database sample.
Some customers have challenged TalkTalk's timeline, arguing that the breach took place as early as September 10th and that they have already been contacted by scammers looking to cash in on the data haul. A number of customers claim to have already been duped by fraudsters over the phone as a result of the data breach, with some having lost their life savings.
Security experts claim that personal data from the TalkTalk breach has already found its way onto the dark web markets. London’s Metropolitan Police continues to investigate the attack; as of November 1st, four arrests have been made, with only three having been made public by the press. It has been suggested that this was a communal effort, with at least twenty hackers having collaborated to access TalkTalk's data.
The news of the attack on the TalkTalk website caused the company's share price to drop by 10%, an acknowledgment of the level of embarrassment combined with an understanding of how damning such an event could be in the long term. Rival service providers are sure to profit from this latest bout of negligence. The threat of lawsuits as a result of the data breach currently lingers over the company. TalkTalk has admitted that it faces a compensation bill that could cost millions of pounds.
TalkTalk's failure has awoken the British public to the vulnerable state of much of the nation's critical infrastructure. This recent data breach has reignited calls for greater government regulation pertaining to the cyber-sphere. There is an increasing awareness that to leave such a vital component of the economy so obviously open to abuse is increasingly dangerous, if not an act of collective gross negligence.