2015 TalkTalk data breach

In October 2015, the British telecommunications provider TalkTalk suffered a cyber attack that resulted in a data breach. Personal details of around 160,000 customers, including the bank account details of a subset of them, were illegally accessed. [1]

In the course of the attack, TalkTalk received a ransom demand from a group claiming to be responsible. Some customers complained that they were targeted by criminals before TalkTalk disclosed the cyber-attack, and the Chair of the Home Affairs Select Committee said "Suggestions that TalkTalk has covered up both the scale and duration of this attack ... must be thoroughly investigated."

Attack and perpetrators

The attack exploited an SQL injection vulnerability. [2]
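To illustrate the attack class named above, the following Python example (written for this page; it is not TalkTalk's code, and the table, column names, e-mail addresses and account rows are constructed sample data) puts a lookup that splices the caller's input into the SQL text beside the parameterised form, and runs a tautology payload and a UNION payload through both.

```python
import sqlite3

# Constructed sample data for this example; not TalkTalk's schema or customers.
SAMPLE_CUSTOMERS = [
    (1, "alice@example.test", "12-34-56", "11111111"),
    (2, "bob@example.test", "65-43-21", "22222222"),
    (3, "carol@example.test", "11-22-33", "33333333"),
]


def build_db():
    """In-memory SQLite database holding the constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers ("
        "id INTEGER PRIMARY KEY, email TEXT, sort_code TEXT, account_no TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", SAMPLE_CUSTOMERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, email):
    """Vulnerable: the untrusted value is concatenated into the SQL text,
    so a quote character in it changes the structure of the query."""
    sql = "SELECT id, email FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, email):
    """Fixed: the SQL text is constant and the value is bound as a
    parameter, so the driver never parses it as SQL."""
    sql = "SELECT id, email FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Two classic payloads (hypothetical attacker input). The first turns the
# WHERE clause into an always-true condition; the second appends a UNION
# that pulls columns the original query never exposed, and comments out
# the trailing quote with "--".
TAUTOLOGY_PAYLOAD = "x' OR '1'='1"
UNION_PAYLOAD = "x' UNION SELECT sort_code, account_no FROM customers --"


def demonstrate():
    """Run both lookups against both payloads and return the rows each gives."""
    conn = build_db()
    results = {
        "vuln_tautology": lookup_vulnerable(conn, TAUTOLOGY_PAYLOAD),
        "vuln_union": lookup_vulnerable(conn, UNION_PAYLOAD),
        "safe_tautology": lookup_parameterised(conn, TAUTOLOGY_PAYLOAD),
        "safe_union": lookup_parameterised(conn, UNION_PAYLOAD),
        "safe_normal": lookup_parameterised(conn, "alice@example.test"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demonstrate().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

Against the vulnerable lookup the tautology payload returns every customer and the UNION payload returns every sort code and account number, which is the shape of exfiltration a SQL injection enables; the parameterised lookup returns nothing for either payload because the quotes and the UNION keyword are just characters in a bound string. Escaping quotes by hand is not an equivalent fix, since numeric contexts need no quote to inject into.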

In September 2016, hacker Daniel Kelley was charged with blackmail, computer hacking and fraud in connection with the TalkTalk data breach and various other attacks. [3] He pleaded guilty to 11 of the offences later that year and was sentenced to four years in prison in 2019. [4]

In November 2018, two further suspects were found guilty of cybercrime charges in connection with the data breach. [5] [6]

Scope

It was initially thought that up to 4 million customers could be affected by the breach. [7] On 24 October, TalkTalk issued a statement saying that a "materially lower" number of customers' financial details had been stolen, and that the stolen data was not sufficient for money to be taken from bank accounts. On 6 November, TalkTalk stated that the impact of the breach was "much more limited than initially suspected": 156,959 customer accounts were involved, and from these 15,656 sort codes and bank account numbers had been taken. About 28,000 partial credit and debit card numbers were stolen, but the data was insufficient for carrying out transactions on those cards. TalkTalk stated that the stolen data had not been encrypted, and that it had not been legally required to encrypt it.

Aftermath

The direct and indirect costs of the attack to TalkTalk have been estimated at £77 million. [4] On 5 October 2016, TalkTalk was fined £400,000 by the Information Commissioner's Office for its negligence in securing customer data. [8] [9]

References

  1. "TalkTalk cyber-attack: Boss 'very sorry for security breach'". BBC News. 23 October 2015. Archived from the original on 23 October 2015. Retrieved 23 October 2015.
  2. "How an outdated database led to a data breach: Unpicking the TalkTalk cyber attack". cyberstart.com. Archived from the original on 14 March 2023. Retrieved 13 July 2023.
  3. Press Association (27 September 2016). "Teenager appears in court over TalkTalk cyber-attack". The Guardian. ISSN 0261-3077. Archived from the original on 14 June 2023. Retrieved 13 July 2023.
  4. "TalkTalk hacker Daniel Kelley sentenced to four years". BBC News. 10 June 2019. Archived from the original on 1 November 2022. Retrieved 13 July 2023.
  5. "TalkTalk hack attack: Friends jailed for cyber-crimes". BBC News. 19 November 2018. Archived from the original on 5 February 2023. Retrieved 13 July 2023.
  6. Press Association (19 November 2018). "Two men jailed for involvement in TalkTalk hacking". The Guardian. ISSN 0261-3077. Archived from the original on 26 November 2022. Retrieved 13 July 2023.
  7. "TalkTalk cyber-attack: Boss 'receives ransom email'". BBC News. 23 October 2015. Archived from the original on 27 November 2022. Retrieved 13 July 2023.
  8. "TalkTalk's Cyber Security Negligence Gets Hit With £400,000 ICO Fine". 5 October 2016. Archived from the original on 8 December 2016.
  9. "TalkTalk fined £400,000 over cyber theft". BBC News. 5 October 2016. Archived from the original on 22 November 2016.