Talk Talk ,,, move along now

enfield_freddy
Posts: 6,147 Forumite
Your TalkTalk account number: xxxxxxxxx
Dear Mr xxxxxxx,
We know it’s been a worrying and frustrating time since Wednesday’s cyber attack on our website. We’re doing everything we can to get to the bottom of what happened as soon as possible and to keep you updated. Our investigations are currently showing the following:
• The number of customers affected and the amount of data potentially stolen is smaller than originally thought. Our website was attacked, but our core systems weren’t and remain secure.
• On its own, none of the data that may have been accessed could be used to leave you financially worse off.
• We don’t store unencrypted credit or debit card data on our site, so any card details which may have been accessed have the 6 middle digits blanked out. For example, it would appear as 012345XXXXXX6789. This means it can’t be used for financial transactions.
• No My Account passwords have been accessed.
• No banking details were taken that you won’t already be sharing with people when you write a cheque or give to someone so they can pay money into your account.
We will continue investigating and promise to keep you updated as we know more. In the meantime, we strongly encourage that you:
• Sign up to your free credit reporting service using this code: TT231. We have partnered with Noddle, one of the leading credit reference agencies, to offer 12 months of credit monitoring alerts for all customers. You can find out more at www.talktalk.co.uk/secure.
• Stay vigilant - TalkTalk will NEVER call customers and ask you to provide personal details or passwords. Please take all steps to check the true identity of any organisation that calls requesting personal information. If you have any doubts, please call us on 0800 083 2710 or 0141 230 0707.
We are sorry for the concern this week’s attack has caused, but want to reassure you that we are doing everything possible to keep your information safe.
For more information, please visit: www.talktalk.co.uk/secure. Yours sincerely,
We don’t store unencrypted credit or debit card data on our site, so any card details which may have been accessed have the 6 middle digits blanked out. For example, it would appear as 012345XXXXXX6789. This means it can’t be used for financial transactions. No banking details were taken that you won’t already be sharing with people when you write a cheque or give to someone so they can pay money into your account.
TT appear to be pretty clueless...or at least hope their customers are.

over the weekend I have set up two direct debits with the DVLA, those should appear on my online banking early next week
the proof of the working of the noodle "email alert" will be if it informs me of those.
setting up of phantom direct debits, that just take one or two payments until noticed, are a worry.
talk talk:
I do not have a cheque book, I do not go round giving my full name and address, bank acc No and sort code to people!
IF I buy something online, it's with a debit/credit card and I have assistance if it goes wrong.
the proof of the "£20" noodle addon will be the report sent to me!!!

copied from the community forum
Hi everyone.
Although I appreciate this is going to be a big hassle, if you pay TalkTalk by direct debit I'd recommend either trying to arrange some additional restrictions with your bank or closing and reopening a new account for the bank account you have used to pay TalkTalk. At this point a person of malicious intent has everything they need to set up a direct debit and withdraw money from your account.
So at this point TalkTalk have told you that the long card numbers have not been fully disclosed, only 12345XXXXX 6789 etc so no one is able to take money out of your account via your bank card.
What has been leaked for definite however is:
- Your title e.g. Mr
- Your firstname
- Your Surname
- Your Date Of Birth
- Your email address
- Your telephone number
- Your full address including postcode.
- Your bank account name
- Your bank account number
- Your sort code
Source/confirmation on this:
http://pastebin.com/HHT4BxJA
The following information is required to set up a direct debit:
- your name and address (the hackers have this)
- the name and address of your bank or building society (the hackers have the name and can get the full bank address via sites such as www.findsortcodes.co.uk very, very easily).
- your bank or building society account number (hackers have this).
- the branch sort code of your bank or building society (hackers have this)
- the name(s) on the account (hackers have this)
Source/confirmation on this:
http://www.directdebit.co.uk/DirectDebitExplained/FAQs/Pages/SettingUpADirectDebit.aspx
That is everything required to set up a direct debit. Sure, you are protected by the direct debit guarantee so are *likely* to get the money back, but whilst your details remain the same there is nothing to stop this happening repeatedly. Also the time taken to get your money back by going through the process could mean you missing bill payments which would affect your credit score.
Process for when an incorrect or unauthorised payment is taken via direct debit:
http://www.directdebit.co.uk/DirectDebitExplained/Pages/Incorrectpayments.aspx
The direct debit guarantee:
http://www.directdebit.co.uk/DirectDebitExplained/Pages/DirectDebitGuarantee.aspx
A well publicised example of this is Jeremy Clarkson when he posted his details online in 2008:
http://news.bbc.co.uk/1/hi/7174760.stm
It is very likely that your details will be appearing for sale on the deep web soon, if not already. Fraudsters refer to the information that has been leaked as 'fullz' and your information is bought and sold online for identity theft purposes for around $30-$35 per identity.
Further reading:
http://itlaw.wikia.com/wiki/Fullz
https://en.wikipedia.org/wiki/Carding_(fraud)
https://en.wikipedia.org/wiki/Darknet_market
Obviously you can't go ahead and change your name and date of birth or change address very easily, however I would recommend trying to invalidate as much of the information the hackers have as possible.
Best regards,
FrostyBob

If the concern is that your details can be sold or used to set up direct debits, what can you do? Get in touch with your bank and request secondary authorisation when a new direct debit is set up?

Why open another TT thread when we already have the main one?
https://forums.moneysavingexpert.com/discussion/5346174

enfield_freddy wrote: »
The following information is required to set up a direct debit:
You are missing the fact that you need to be authorised by your bank to take Direct Debits. You can't just go and set up a DD. Pretending otherwise creates unnecessary hysteria.
http://www.bacs.co.uk/Bacs/Businesses/DirectDebit/Collecting/Pages/GettingStarted.aspx

just because companies have to be authorised to set up direct debits doesn't mean that the scammers can't find a way to get hold of our money somehow
all you have to do is google direct debit fraud to see it does happen & that once someone has your bank details they can keep on doing it forever until you change your bank account details
off the top of my head one example I can think of is if a scammer creates an online betting account with a company that is authorised to set up direct debits, then debits the money from your account & then either uses it for gambling or just transfers it straight out of the gambling account onto an online prepaid debit card (entropay or neteller for example)
The details hacked can also be used for identity fraud such as the taking out of a loan in the name of the victim

Archi_Bald wrote: »You are missing the fact that you need to be authorised by your bank to take Direct Debits. You can't just go and set up a DD. Pretending otherwise creates unnecessary hysteria.
http://www.bacs.co.uk/Bacs/Businesses/DirectDebit/Collecting/Pages/GettingStarted.aspx
I totally agree. Given the number of people who post here who have no idea about the differences between DDs and Standing Orders, the information above is total exaggeration without that critical information that only authorised organisations can set up DDs.