TalkTalk’s high-profile hack in October was the first time cyber criminals had managed to get past the company’s security measures in five years, CEO Dido Harding has said.
Speaking to the House of Commons Culture, Media and Sport Select Committee, which is conducting an inquiry into the security breach, Ms Harding noted that two previous incidents were not of the same nature as the October hack, which saw cyber criminals access the details of almost 157,000 TalkTalk customers.
An incident in December 2014, which also saw customers’ data stolen, was a personnel issue, she noted, while a similar occurrence in August this year was related to Carphone Warehouse - a third-party supplier to TalkTalk.
“Every British company is being targeted by cyber criminals every day,” she said, according to The Guardian.
“One of the interesting things we have learned is that it’s only telecoms companies that have an obligation to report breaches to the ICO [Information Commissioner’s Office]. The truth is that none of us know what of our personal data may have been stolen from other sources.”
Harding noted that while TalkTalk should have done more to protect itself, the line responsibility for keeping customers’ data safe is divided between a number of teams. This brings up questions as to whether there was a sufficient oversight by the board, she said.
The Chief Exec also cast doubt on whether the government-sponsored Cyber Essentials scheme could have fully prevented the large-scale hack, explaining that she is unsure as to whether the initiative provides a sufficient benchmark for protection. She added that the company is currently in the process of getting Cyber Essentials accreditation.
“Cybercrime is the crime of our generation, it is growing exponentially, and we all need to learn more ... You can’t say you are 100% certain that your measures are going to keep everything secure. Criminals only have to get lucky once,” Harding added.
According to the TalkTalk chief, less than four per cent of customers were affected by the breach, and none of the information accessed would enable a criminal to steal money. She pointed out that the company has offered the “goodwill gesture” of free upgrades for all customers, and is the only telecoms company that hands out free security packages.