TalkTalk Customer Data At Risk After Cyber-attack On Company Website

An anonymous reader writes: Police are investigating a "significant and sustained" cyber-attack on the website of TalkTalk, an internet and TV provider, which could have compromised customers' credit card and other personal details. The telecoms provider has 4 million customers in the UK. It is the second time in the past 12 months that TalkTalk customers have been affected by data breaches. "We are continuing to work with leading cybercrime specialists and the Metropolitan police to establish exactly what happened and the extent of any information accessed," the company said on Thursday night after revealing the attack, which took place on Wednesday.

Its chief executive, Dido Harding, said: "We take any threat to the security of our customers' data extremely seriously, and we are taking all the necessary steps to understand what has happened here." TalkTalk was informing its customers immediately about the attack as a precaution, she added.

Re:Hack used SQL injection ..

[JustAnotherOldGuy]

Fucking aye, have these people never heard of sanitizing data, or is that some new-fangled thing?

I rigorously sanitize ALL data coming into my sites (every single input) and I'd be genuinely surprised if a SQL injection would work on any of them.

I mean, it's just not that fucking hard to guard against, why can't these companies full of hot-dog programmers seem to get it right??

Re:Accountabilty

[jonbryce]

Baroness Harding of Winscombe studied Philosophy, Politics and Economics at Oxford. I doubt she even knows what encryption is. She certainly doesn't know the difference between a DDOS attack and an SQL injection attack.

Re:Hack used SQL injection ..

[AmiMoJo]

Security costs money. The lowest bidder rarely bothers with it, and the company sure as hell isn't going to pay to have it properly tested. As far as the boss is concerned the box was ticked, their bonus was secured.