On Friday, a British phone and broadband provider TalkTalk announced a criminal investigation launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on the company’s website.
“That investigation is ongoing, but unfortunately there is a chance that some of the following data has been compromised: names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details. We are continuing to work with leading cybercrime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed,” says the statement on the company’s website.
According to Krebs on Security, the website that specializes on cybercrime and other Internet security topics, TalkTalk has received a ransom demand of approximately £80,000 (~USD $122,000), with the attackers threatening to publish the company’s customer data unless they are paid the amount in Bitcoin. The hacker provided TalkTalk with copies of the tables from its user database as evidence of the breach. The database in question appears related to at least 400,000 customers who have recently undergone credit checks for new service with the company.
However, TalkTalk states that it is too early to say exactly how many customers were impacted.
“Identifying the extent of information accessed is part of the investigation that’s underway,” the company said.
There have appeared threats to post the stolen data on AlphaBay, a Deep Web black market that specializes in selling stolen goods and illicit drugs. Someone using the nickname “Courvoisier” made the posting. The user’s signature describes him as “Level 6 Fraud and Drugs seller,” which means he is an active participant in the AlphaBay market with many vouches from happy customers who have turned to him for illegal drugs and stolen credit cards, among other goods and services.
It seems that Courvoisier is not simulating about posting TalkTalk’s customer data. According to a discussion thread on Reddit.com dedicated to explaining AlphaBay’s new Levels system, an AlphaBay seller who has reached the status of Level 6 has successfully consummated at least 500 sales worth a total of at least $75,000, and achieved a 90% positive feedback rating or better from previous customers.
It should not go unmentioned, that, according to Inside Bitcoins News, not all of the sensitive customer data was properly encrypted by TalksTalks, even though nowadays not encrypting data is unacceptable and reflects badly on companies neglecting to take proper security precautions.
At the moment, the number of affected TalkTalk customers is still unknown. Taking into account that the provider serves 4 million customers in the United Kingdom, the consequences may be severe.
Furthermore, according to BBC, several British companies have been facing DDoS attack yesterday, and TalkTalk might not be the only ones affected by a data breach.