TalkTalk data breach

The TalkTalk data breach, a record £400k fine and a warning to others


The TalkTalk Data Breach

On 21 October 2015, TalkTalk became aware of a major security breach. Over the following days and weeks, the severity and magnitude of that breach filled the headlines of British and international newspapers. More than 150,000 users saw their personal information leaked. Of those, more than 15,000 users saw their bank account details compromised.

“failed to apply software patches to a database, fixing a known exposure that had been identified more than 3.5 years prior to the breach.”

The next day, TalkTalk informed the Information Commissioner's Office of the data breach. The TalkTalk data breach has cost about £60m and contributed to the loss of over 100,000 customers. The police are still questioning 6 individuals (all under 21 years of age) in relation to the crime.

The ICO Investigation into the TalkTalk data breach

Now TalkTalk is back in the headlines as the ICO issues a record-breaking fine of £400,000, due to security failings that allowed a cyber attacker to access customer data “with ease”. The ICO investigation found that the attack could have been prevented if TalkTalk had taken basic steps to protect customers’ information. Worryingly, TalkTalk failed to apply software patches that would have fixed a known exposure, one that had been identified more than 3.5 years prior to the breach. The report highlights that there were two additional attacks 12 weeks before the October breach which had not been detected.

Yahoo Data breach

Lessons from the Yahoo data breach


Once again the headlines are dominated by news of another major breach. Unsurprisingly, it is the Yahoo data breach that has come to light.

What happened at Yahoo?

It’s a massive data breach, making TalkTalk, LinkedIn and Ashley Madison look tiny: 500 million records have been breached in what is being reported as a ‘state-sponsored’ hack, with rumours of involvement from China, Korea or Russia. The breach occurred at some point in 2014 and impacts not just users of Yahoo, but potentially Sky and BT users as well.

Yahoo Data breach raises so many questions 

It is clear that this story will continue to run for many weeks and months. It raises so many questions: How much did Yahoo know? When did Yahoo find out? Why didn’t Yahoo recognise that a breach had occurred? And why does Yahoo think it was a state-sponsored attack, given the data has found its way to the dark web?

I’m sure the new owners of Yahoo, the well-respected communications company Verizon, will have many more questions.