Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > TalkTalk CEO claims ISP not legally obligated to encrypt user database

TalkTalk CEO claims ISP not legally obligated to encrypt user database
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Oct 26, 2015, 11:32 AM
 
The head of TalkTalk has dismissed claims it hasn't done enough to protect the data of its users, in the wake of a major breach potentially affecting 4 million customers. In an interview over the weekend, Dido Harding claimed the company was not under any "legal obligation" to encrypt customer data, including bank account details and other sensitive information, and that it had done enough to try and protect their customers under United Kingdom law.

Speaking to the Sunday Times, Harding revealed [Our data] wasn't encrypted, nor are you legally required to encrypt it. We have complied with all our legal implications in terms of storing of financial information." Ars Technica notes that the relevant section within the UK Data Protection Act 1998 states "Appropriate technical and organizational measures should be taken" to prevent unauthorized usage of the data, but does not mandate the encryption of data specifically.



Since the attack, and the subsequent investigation launch by the Metropolitan Police cyber crime unit, TalkTalk has hired BAE Systems to help shore up its security and investigate the breach. It is now claimed that the attackers only got as far as the TalkTalk website and not more sensitive corporate systems, with only partial credit card numbers held on the site. Even so, the full extent of the breach has yet to be revealed by the company.

As for how much the data could be worth, more details about a ransom demand sent to Harding may have been revealed. Sources of Brian Krebs close to the investigation suggest the ransom amount was £80,000 (approximately $122,000) in Bitcoin, with copies of the tables from the user database provided as evidence the supposed attacker was involved in the breach. A number of hacking groups have claimed to be behind the attack, with some also promising to sell the data on a "deep web black market."

Affected TalkTalk customers are being offered 12 months of free credit monitoring.
     
prl99
Senior User
Join Date: Mar 2009
Location: pacific northwest
Status: Offline
Reply With Quote
Oct 26, 2015, 11:50 AM
 
Free credit monitoring. So what. Once people actually understand what this site doesn't do, I have to wonder if anyone will ever use it again. In today's age of cyber security concerns, I'm really surprised the UK hasn't updated their rules to protect their citizens data. Where do I find the UK equivalent of the BBB? I'd like to post Dido's interview and see what kind of rating they get.
     
climacs
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status: Offline
Reply With Quote
Oct 26, 2015, 12:40 PM
 
wow, who is their PR guy? "We're just following the law" means you are meeting the BARE MINIMUM REQUIREMENT for doing business.
     
Flying Meat
Senior User
Join Date: Jan 2007
Location: SF
Status: Offline
Reply With Quote
Oct 26, 2015, 02:04 PM
 
Ah. I see, Dido. It's someone else's fault. :/
     
Bittyson
Fresh-Faced Recruit
Join Date: Sep 2011
Status: Offline
Reply With Quote
Oct 26, 2015, 02:42 PM
 
And I'm pretty sure customers are not legally obligated to remain customers. Or at least new potential customers because this kind of company has probably created particularly onerous legally obligating contracts for those unfortunate enough to have signed on for service.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 07:49 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,