Talk Talk Cyber Hack

strangeotron

My mother has an account with them for internet and phone. She's just received the what I preusme is standard letter informing her about the hack. Unfortunately it doesn't actually tell her whether her information has been taken. They do claim that information taken is 'useless', which I doubt. Does she have a right to ask whether her information has been comrpomised? The letter states that "less than" 28,000 people's data has been actively taken, but that doesn't actually address what she needs to do and unfortunately she's massively technophobic and will be reluctant to pursue this.

bsod

what do you think she needs to do

the way they've handled it has put the frighteners on millions of people unnecessarily, and damaged the brand forever, wouldn't surprise me if it renames or gets consumed by another brand in a year or two when everyone is out of contract and free to leave

The reality is, people just have to be careful of scammers phoning up pretending to be someone they are not, offering refunds, or asking for bank transfers/pin codes/bank cards/help with a fraud investigation/remote control of pc to fix a non-existent virus or problem, and keep an eye out for any unusual transactions on bank statements, same as they did beforehand

strangeotron

What she needs to do most of all is learn how computers work and how the internet works, particularly with regard to security because she is really naive and just doesn't understand it. Unfortunately a lot of people who get conned (i'm not saying that will happen or is likely) do so because they believe it can't happen to them.

I don't really know enough about this situation. I don't know if her credit card details have been compromised or what that actually means if they have.

We, like most people, get cold callers all the time. That's just how it is. My advice is always just hang up. Don't engage with these people because if you do they think you're interested enough to call back and to my mother that sort of behaviour is impolite and she doesn't like when she perceives being told what to do. So if I tell her to call TT and ask if her details are included in those hacked she won't like it.

bsod

she'll probably get palmed off anyway

just tell her, unless she personally knows the person on the other end of the phone, they are probably liars trying to sell something (tps will cut out a few) or scammers trying to con her out of money. and only give out the real phone number to people who really need to know, that doesn't include most businesses, then the probably turns into a definitely.

if she pays tt by credit card, the last story I heard was only part of that number was available to hackers, so is useless

strangeotron

bsod wrote: »

she'll probably get palmed off anyway

just tell her, unless she personally knows the person on the other end of the phone, they are probably liars trying to sell something (tps will cut out a few) or scammers trying to con her out of money. and only give out the real phone number to people who really need to know, that doesn't include most businesses

She may well get palmed off, but it's got to be worth asking.

If her information is out there because of these scumbags she needs to know to do something about it, surely. Like change account numbers or whatever.

I try to explain that you should hangup when dealing with people, but she's really wilful. I dread to think what will happen if she sees a dodgy email sent eas some of them look, without closer examination (such as the source address), very convincing.

Apparently they've been hacked 3 times this year! This is the first i've heard about it.

dannyrst

The easiest way to resolve any concerns is to teach people to ring companies back using the phone number on their website or a letter you are certain came from the company.

I always love when Sky or any other company (the one I work for included) call you and say "Hi it's Tracy from <Company Name>, before I go any further I just need to complete security with you, what is your name, address, DOB, mothers maiden name?"

Not being funny Tracy but how about I put you through some security questions before I give you all that info?!

If you call them, you can be fairly confident that they are who they say they are and I'd happily provide security information to them then.

Also, if you get a strange letter, call the company to question it.

bsod

tell her to watch daytime tv, listen to you and yours, watchdog, every other programs is about scams atm

TT will just tell her the same as is in the statement on the website and is mailed to each customer, they are investigating blah

As regards the phone them back, (it's about to or has changed for the better on most networks now), but that ring the bank back method is used by scammers to persuade people they are real, because if they don't hang up, you are still on the line to them.

SnowTiger

bsod wrote: »

the way they've handled it has put the frighteners on millions of people unnecessarily, and damaged the brand forever, wouldn't surprise me if it renames or gets consumed by another brand in a year or two when everyone is out of contract and free to leave

People have short memories. It will probably all be forgotten about in a few weeks.

I agree with you about TalkTalk handling it badly. They really don't seem to have known what had happened or what they were doing.

There were several other data losses that week, as there are every week. Dido Harding trolling around media outlets with nothing to say did TalkTalk no favours.

As you and others suggest, vigilance is key. Sadly even in these forums there are people who only glance at their bank statement once every two to three years, so it's not difficult to see what's coming.

dannyrst

strangeotron wrote: »

She may well get palmed off, but it's got to be worth asking.

If her information is out there because of these scumbags she needs to know to do something about it, surely. Like change account numbers or whatever.

I try to explain that you should hangup when dealing with people, but she's really wilful. I dread to think what will happen if she sees a dodgy email sent eas some of them look, without closer examination (such as the source address), very convincing.

Apparently they've been hacked 3 times this year! This is the first i've heard about it.

The hack was on the website of Talk Talk, not the core system.

That means the only details they have are the ones you can view yourself on the website when you are logged in. So for example, in your account section there will be a note of your contact phone number, email address and a series of X's followed by the last 4 digits of your credit card/bank account.

No company would ever store full bank/credit card details on the website. They have databases and systems behind the website that hold all the really juicy data that the hackers really want. The problem is they are harder to access and generally encrypted with absolute minimal access provided to avoid any breaches.

This hack on Talk Talk was clearly not a direct attack to drain customer bank accounts but an attempt to contact customers afterwards pretending to be Talk Talk and getting customers to hand over their details unwittingly. It's far easier to do it that way.

AndyPix

The easiest way to explain it to older folk, is that data has been pinched that would allow someone to call them up and pretend to be talktalk ..

Then explain that there is no need to worry, and that the simplest thing to do, is that if she gets ANY calls from TalkTalk - Simply say no thank you - wait 30 minutes and then call them back to see if it was indeed them that wanted you

dannyrst

bsod wrote: »

As regards the phone them back, (it's about to or has changed for the better on most networks now), but that ring the bank back method is used by scammers to persuade people they are real, because if they don't hang up, you are still on the line to them.

I'm not sure about this because I don't have a house phone. I presume it can't affect mobile phones too?