Partner Article
Lessons to be learnt from TalkTalk data breach
This week TalkTalk, the communications provider, finally admitted to a damaging data breach which has led to thousands of sensitive customer records being exposed to criminals. The breach was first suspected three months ago, when an increase was reported in complaints from genuine customers who had received bogus TalkTalk calls. In those calls the fraudsters posed as TalkTalk staff and attempted (successfully in some cases) to extract bank account details during a conversation ostensibly aimed at resolving a “serious security lapse”. That the callers already held real account details was itself the tell that data had leaked.
When suspicions were raised over four months ago, TalkTalk's approach was to dismiss the possibility that a breach was occurring and then to pass responsibility to a supplier, saying that any breach had happened on the supplier's watch, thereby washing its hands of the matter.
Time has passed, complaints have escalated, and TalkTalk has finally admitted that its customers have indeed suffered a breach of their sensitive details. This sorry tale is a textbook example of how an organisation should not respond to a suspected breach.
A number of points spring to mind here:
1. TalkTalk owns the customer relationship, and choosing to have a supplier fulfil an element of the customer journey does not change that fact. We outsource responsibility, not accountability.
2. Regardless of whether TalkTalk had effective security policies in place, the fact that one or more customers had raised a suspicion should have triggered an immediate investigation, using digital forensic techniques at the supplier's site, while the evidence (logs, access records, data exports) was still intact.
3. Customers should have been informed of this investigation in advance: what steps were being taken, the timelines, the points at which they would be updated and, where possible, when to expect a resolution. TalkTalk should also have re-secured customer security credentials (resetting passwords and account PINs) and considered offering a credit-monitoring subscription so that customers could watch for fraud arising from the breach.
4. TalkTalk has now informed the ICO; the proposed EU law change (mentioned in a previous post) would likely compel notification within 24 hours. The ICO will take account of how TalkTalk handled the initial stages of this breach when deciding what action to take.
5. A review of the evidence collected during the forensic work should inform a complete review of policy so that the security lessons are learned for the future, in particular ongoing, continuous network monitoring that extends to the suppliers who handle data on TalkTalk's behalf.
The steps outlined here are not exhaustive, but they highlight the key points that would have seen TalkTalk come out of this breach as stars, whereas it is likely that some customers will now vote themselves out of this particular show.
This was posted in Bdaily's Members' News section by Dave Lloyd.