Just over six months have passed since UK telecoms operator TalkTalk found itself on the front pages of national newspapers and apologising for its sloppy security.
In my view, TalkTalk acted pretty badly before the hack (there had been a string of other data breaches involving the firm in the previous 12 months) and shoddily afterwards to its defrauded customers.
But for most people, their memory of the breach will be forever associated with the performances of CEO Dido Harding (also known as Baroness Harding of Winscombe) on live TV news broadcasts. Ms Harding often appeared to be out of her depth as she attempted to reassure customers that the firm could be trusted with their personal data.
It was like watching Bambi attempting to walk for the first time, as a juggernaut bore down on her… its headlights blazing…
It later transpired that the data breach wasn’t quite as bad as it might have been. TalkTalk described how “only 4%” of its users, a mere 156,959, had their details accessed in the hacking attack on its systems.
That’s not much consolation for those 157,000 individuals – but was clearly a lucky escape for TalkTalk which didn’t appear to have rescued the information of millions of its other users through any skill of its own.
Indeed, it seems that far from being “highly sophisticated” as TalkTalk liked to describe it, the attack was a rudimentary SQL Injection attack (or “sequential attack” as Dido Harding chose to incorrectly describe it to the Financial Times).
SQL injection attacks are not new. They are security 101. Any web developer worth their salt should know about the risk of SQL injection attacks, and harden their code to prevent them from succeeding.
In total, six individuals under the age of 21 have been arrested in connection with the TalkTalk hack.
Six months on…
Well, as The Independent reports, TalkTalk’s profits have more than halved – falling to £14 million compared to £32 million a year before.
Furthermore, the hack is said to have cost TalkTalk a stonking £42 million, and saw 101,000 subscribers leave the firm in Q3 2015.
Ouch! Mind you, I suspect the figure might have been much worse if TalkTalk had allowed other subscribers to break their contract following the hack a little more easily.
As it was, TalkTalk only allowed victims to quit the firm if they could prove they were defrauded as a direct result of their personal information being stolen from TalkTalk, rather than as a result of a scammer using the stolen TalkTalk data to extract further details while posing as a TalkTalk employee on the phone.
“In the unlikely event that money is stolen from a customer’s bank account as a direct result of the cyber attack (rather than as a result of any information given out by a customer) then as a gesture of goodwill, on a case by case basis, we will waive termination fees.”
Was that really demonstrating good customer service? I wasn’t convinced.
In an interview today with BBC News, Dido Harding is clearly putting a positive spin on things, as the company saw improved results in Q4, adding 148,000 subscribers:
“I am actually very encouraged by the way the business has bounced back so strongly in the last quarter. The customer base has really stabilised and this is testimony to the fact that our customers really appreciated our open and honest approach and how we tried to look after them through the cyber attack.”
Hmm. I’m not sure I quite buy into that explanation.
I think what’s happening here, and has happened with other high profile hacks in the past, is that the public has proven it has a short memory.
When a hack is making the TV news and hitting the headlines, customers are often boiling with rage and threatening to close their accounts.
But as time goes by, tempers subside, and – unless you were one of the poor unfortunates who lost thousands of pounds as a result of TalkTalk’s incompetence – it’s all too easy to forget how you were treated before, and allow contracts to renew rather than switch providers.