All firms a potential TalkTalk
EVERY company is vulnerable to a hacking attack like the one suffered by TalkTalk, it was claimed last night.
Anyone who has typed personal information into a webpage has “had it compromised in some way” because data are frequently left unprotected on computer servers, experts claimed.
On another day of frantic investigations at TalkTalk, which has still not ascertained the scale of its data breach, its chief executive said she would leave if her customers demanded it.
Speaking to The Daily Telegraph last night, Baroness Harding said: “In some ways I would love to say this is just a TalkTalk issue, I’d love to believe this is just us – but it isn’t.
“Do I wish I’d done more? Of course I do. But would that have made a difference? If I’m honest I don’t know.
“This is happening to a huge number of organisations all the time. The awful truth is that every company, every
organisation in the UK needs to spend more money and put more focus on cyber security – it’s the crime of our era.”
She added: “A lot of people are very angry with me and with TalkTalk but there are quite a few who have thanked me for being honest and open.
“Which side wins the argument will be their decision not mine. My job, my company, we exist at the gift of our customers, so our customers will make that decision over time.”
Those affected by the data breach may be allowed to break their contract, Baroness Harding conceded.
TalkTalk data has now been targeted three times in nine months. In the latest theft, no passwords had been stolen and the leaking of bank account numbers and sort codes was on a “smaller scale” than first thought, she added.
Experts said the threat cyber crime posed was underlined by the 625,000 offences registered each month in Britain. Lauri Love, who the United States wants to extradite for alleged hacking offences, told the BBC: “Pretty much everyone who has signed up their personal information to a website has had it compromised in some way.”
TalkTalk has been criticised for failing to “encrypt” its data so hackers would be unable to read it.
Ross Anderson, professor of security engineering at the University of Cambridge, said: “Most companies are pretty vulnerable to capable, motivated attackers, but governments aren’t going to help much.”
He said the Investigatory Powers Act, the so-called snooper’s charter which will give British spies access to telecommunications data by law and is expected to be unveiled next week, would undermine websites’ security.
“David Cameron is saying people should use encryption only if the police and MI5 can break it,” said Mr Anderson. “[The snooper’s charter] is basically sabotage of the information security mechanisms firms need.”