The news broke this morning that the UK internet service provider and telecom company TalkTalk was the target of a major attack from hackers, with the personal data of some 4 million customers being stolen. While this could be the definition of a bad situation, it’s already gotten worse. The London-based company has confirmed that it has now received a ransom demand from an unidentified party claiming responsibility for the hack.
As the attack initially took place on Wednesday morning UK time, TalkTalk says it had already contacted the police and gotten law enforcement involved by Thursday. The ransom was received Friday morning, with CEO Dido Harding saying that a monetary payment was demanded, but they weren’t sure yet if whoever sent it was actually responsible for the security breach, let alone if it was a group or individual.
It turns out this is the third such cyberattack against TalkTalk this year, with customer data obtained in both cases in February and August. The company says there’s a “chance” that the data stolen this time includes names, addresses, birth dates, email addresses, phone numbers, and banking details, adding that at worst it was information all 4 million of their customers.
But the real kicker? Not all the information was encrypted, and they don’t know the full extent of what’s accessible.
Parts of TalkTalk’s website remain offline while the company continues to work with investigators. “We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here,” a statement from CEO Harding said. The company has also published a FAQ page with information for customers who may be affected.