If you caught the news last night or have been anywhere near Twitter today, it’s likely you already know that yesterday (October 22nd) TalkTalk's security was breached by hackers. The result is that the bank account details and personal information of up to 4 milion customers could now be in the hands of fraudsters.
Details of exactly what happened are still being established. But based on what we know, here’s our plain-speaking guide to what to do next and how you can make sure you don’t lose out.
Where do you stand? How will you know if you’ve been the victim of theft? Do you need to contact anyone? Read on and we’ll walk you through the questions you’re going to want answered.
What data has been accessed? How extensive was the breach?
It’s not clear exactly what the hackers were able to get hold of. That will be determined by the Met Police’s Cyber Crime Unit and TalkTalk’s in-house investigation.
However, TalkTalk has warned customers that the breach could have involved:
- Date of birth
- Phone numbers
- Email addresses
- TalkTalk account information
- Credit card details and/or bank details
It has since emerged that the scale of the hack wasn't anything like as bad as initially feared.
TalkTalk has confirmed that 157,000 customer accounts were accessed, out of its entire customer base of 1.2 million.
How will I know if I’ve been affected?
The scale of the breach has yet to be determined. And right now, TalkTalk certainly won’t be able to tell you whether you've been affected if you call them.
What we do know is that the data was not encrypted. That means that the hackers will be to make sense of it and use it against TalkTalk’s customers.
For its part, as well as sending out an email notification to its customer base of 4 million people, TalkTalk has pledged that it will be directly contacting customers who have been affected.
Could they have stolen from my account already?
It’s possible. The best policy is to closely monitor your bank account over the next few months and check for transactions that you don’t recognise.
Usually fraudsters will attempt to take a small amount from an account first to test the water and then try for a larger sum thereafter.
Spot something that seems awry? Get in touch with your bank and report it to Action Fraud. You can get them on 0300 123 2040 or viawww.actionfraud.police.uk.
How do I deal with suspicious emails and calls?
It’s just as likely that the fraudsters will contact you by email posing as TalkTalk in a bid to get more details out of you. Emails that ask you to download software and click on links should be particular red flags.
If you need to access your account, head directly to TalkTalk’s website and log-in from there.
It’s also vital that you’re careful with how you respond to phone calls purporting to be from TalkTalk.
Think about whether the information they’re asking or is what you’d expect to be asked for by your provider. If not, simply refuse to give it out and contact TalkTalk directly via their customer service centre.
More generally, exercise common sense and think about whether the information you’re being asked for could be used to open up your bank account.
Even in these extreme circumstances, TalkTalk reps would never ask you for your bank account details. So if you are asked for them, end the call.
Anything else I can do?
Of course, as a precaution it’s smart to change your TalkTalk account passwords. Got any accounts that use the same password? It’d be clever to change them too.
TalkTalk also advises you to check your credit report with Call Credit, Experian and Equifax.
Am I entitled to any compensation?
At the time of writing, some reports are claiming that customers whose data was breached could be entitled to up to £1,000 each. That's back up by word from the Information Commissioner's Office (ICO).
However, there's no official confirmation from TalkTalk one way or the other.
By way of compensation, TalkTalk is offering a customers a choice of service upgrades, including extra TV content, a TalkTalk mobile SIM and unlimited landline and mobile calls.
If my data has been stolen, can I leave my TalkTalk contract without financial penalty?
Of course, TalkTalk customers who are out of contract can leave at any without incurring a financial penalty.
But it's less clear where you stand if you're still under contract. Anecdotal evidence indicates that TalkTalk customers who have asked to do so are apparently being asked to pay the rest of their contract as a condition of being allowed to leave.
However, in statements issued to the press TalkTalk said that it's "too early" to say whether under-contract customers will be allowed to leave without paying a charge. It has also stated it will consider each incident on a case by case basis.
What’s TalkTalk doing about it?
TalkTalk has contacted major banks and they’ll be looking out for suspicious activity on TalkTalk customers’ accounts.
It also says it has “taken all necessary measures to make [its] website secure again following the attack”.
TalkTalk has set up 12 months’ free credit monitoring for all its customers too. Details of this promised in due course.
Does any of this affect my broadband, home phone and TV service?
Not at all. Throughout the attack, even when TalkTalk took its site down to tackle the hackers, its services were unaffected. There’s no risk from continuing to use them and nor will your service be affected.