TalkTalk’s ex-CEO Dido Harding heads up the UK’s Coronavirus tracing app…

Let’s hope privacy promises aren’t all talk talk…

Who's in charge of the UK's Coronavirus tracing app? Dido Harding, apparently...

Imagine you’re the UK Government in the middle of the biggest crisis the country has faced since World War II.

Imagine that more than 30,000 people in the UK have died after testing positive for coronavirus – the only nation outranking the UK in its death toll is the United States, with a much, much larger population.

Imagine that over half the population believes that you, the UK government, took too long – compared to our European neighbours – to impose a lockdown.

Imagine that you have decided, like other countries, to develop a smartphone app that might help quickly trace recent contacts of anyone with the coronavirus. But, unlike many other countries, you are trialling a “centralised” model app, which stores the potentially sensitive data on a central computer server, rather than the alternative “decentralised” model proposed by Apple and Google, where information stays on people’s handsets.

Obviously, calming people’s understandable privacy and security concerns about such an app is going to be an important factor in increasing the chances that a decent proportion of the public will download it.

So, who does the UK government appoint to head up the NHS COVID-19 tracing app?

None other than Baroness Harding of Winscombe. Perhaps better known to you and me as Dido Harding, the former CEO of TalkTalk.

Dido Harding, you may recall, was for a couple of weeks in 2015 a regular fixture on UK news reports as she attempted to answer technical questions about the “sequential attack” against TalkTalk, and struggled to clarify what customer data had been exposed, and whether it had been encrypted or not.

I got the distinct impression that she didn’t know what she was talking about…

It turned out that the people responsible for the TalkTalk hack were teenagers who had used a rudimentary SQL injection attack to steal customer details.

In my view, TalkTalk acted pretty badly before the hack (there had been a string of other data breaches involving the firm in the previous 12 months) and atrociously to defrauded customers who attempted to quit their contracts with the firm.

Astonishingly, Dido Harding tried to claim that TalkTalk’s security was “head and shoulders” better than the company’s rivals.

TalkTalk’s security failings were investigated by the ICO, and the firm was hit with a record fine.

The ICO’s specialist technical team supported the enforcement team and found TalkTalk had failed to remove, or otherwise make secure, the webpages that enabled the attackers to access the underlying database. The investigation also highlighted that the database software in use was outdated. It was affected by a bug for which a fix had been made available over three-and-a-half years before the cyber attack but which had not been applied. The bug enabled the attackers to bypass access restrictions that were in place on the database. TalkTalk also failed to undertake appropriate proactive monitoring activities to discover vulnerabilities.

The UK parliament later released its own report into what happened, including testimony from Dido Harding that is well worth a read, or you can watch what happened here.

So why has the UK government chosen Dido Harding to lead the project?

Why indeed.

The cynic in me wonders if they believe that should a cock-up occur, what better fall guy would there be than Dido Harding to take the blame?

Health Secretary Matt Hancock says he can’t think of anyone better than Dido Harding to lead the project.

Imagine that.

Further reading: Info on NHS Coronavirus app leaks out via Google Drive snafu

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.

3 comments on “TalkTalk’s ex-CEO Dido Harding heads up the UK’s Coronavirus tracing app…”

  1. Jim

    She is married to John Penrose, MP for Weston-super-Mare, that may clarify the issue.

    1. Jim · in reply to Jim

      To add, Conservative MP.
