back to article Here's how TalkTalk ducked and dived over THAT gigantic hack

It has been almost two weeks since the "cyber attack" on the TalkTalk website of 21 October, yet the company is yet to tell its customers how their data was compromised. TalkTalk's CEO Dido Harding has yet to offer anything more than a token apology regarding the company's security practices, which allowed more than a million …

  1. eSeM

    Why Is Dido Harding Still in a Job?

    I had TalkTalk customer support call me up at the weekend, they had all my details. Allegedly my broadband account had been suspended and I needed to enter some details on their website to get it un-blocked.

    Very authentic, they hardly spoke any English, just like the real TalTalk support :-(

    1. Anthony Hegedus Silver badge

      Re: Why Is Dido Harding Still in a Job?

      That dildo woman should resign. She is a deceitful lying woman who is clearly not in proper control. Talktalk should "do right" by their customers by letting them leave. And she should get rid of the indian call centres.

      1. Mike Richards

        Re: Why Is Dido Harding Still in a Job?

        It's odd that the government hasn't made a bigger thing about the TalkTalk hack - after all, it is one of the largest leaks of personal information in the UK that hasn't been managed by the government, and they're always telling us about the threat of all things cyber.

        Could it be that they don't want to draw attention to the incompetent Dido Harding being a colleague of Cameron's at Oxford PPE, a Tory peer and married to John Penrose MP Lord Commissioner of Her Majesty's Treasury, and assistant government whip?

    2. Zog_but_not_the_first Silver badge
      Meh

      Re: Why Is Dido Harding Still in a Job?

      Because she is yet another example of the self declared "talent" whose chief function is to trouser wadloads of cash while keeping an eye out for the next revolving door opportunity.

      I've always believed strongly in the concept of taking responsibility for things that happen "on my watch". She obviously doesn't.

      1. allthecoolshortnamesweretaken

        Re: Why Is Dido Harding Still in a Job?

        I've always believed strongly in the concept of taking responsibility for things that happen "on my watch".

        To quote Dilbert's PHB: "I can see why you're not in management."

      2. Mark 85 Silver badge
        Devil

        Re: Why Is Dido Harding Still in a Job?

        "I've always believed strongly in the concept of taking responsibility for things that happen "on my watch". She obviously doesn't."

        Which means you have ethics and thus can never, ever be a C-suite resident.

    3. Anonymous Coward
      Anonymous Coward

      Re: Why Is Dido Harding Still in a Job?

      Why Is Dido Harding Still in a Job?

      She's not going to willingly walk away from a job where she got paid £7m last year just to inadequately oversee a collection of outsourced and offshored peasants, is she? And if she won't go willingly, who's going to sack her, the makeweights and free lunchers of the non-executive directors of TalkTalk? I think not.

      The question is, why are you still paying your share of Ms Harding's vastly inflated remuneration? Terminate your contract with them, citing the Supply of Goods and Services Act 1982, and their failure to deliver the service with reasonable care and skill, offering as prima facie evidence the details of the call you had, and the fact that IT data breaches have been going on since at least 2007 but are readily avoided by the application of reasonable care and skill.

      I can't see you having much joy with TalkTalk's infamously useless call centres, so probably better to do it as letter to Ms Harding herself at the registered office. She'll never see it, but a flunky will point it in the right direction. They can't dispute your claim using their T&C because statute law trumps the terms of any contract, and then their only grounds for dispute is to claim that a breach of over 1.1m customer records does count as reasonable care and skill, which won't stand up in the small claims court if that's where this goes. Here's a starter for ten:

      https://www.citizensadvice.org.uk/consumer/template-letters/letters/problems-with-services/letter-to-end-contract-due-to-poor-work-and-lost-faith/

      Or rather than letter, offer them notice of termination for the above reasons on one of their social media forums. That way it's all in public view, and the press will be reading it.

      1. I. Aproveofitspendingonspecificprojects

        failure to deliver service with reasonable care and skill

        Once you get told that your account is not longer working, by some illiterate non English speaking oik (that just happens to have all the data on you that Talk Talk requires to verify you) then you could assume, quite rightly that it IS an official contact from the supplier and all you have to do is tell them:

        "OK, see to it the account remains suspended; I am going to get a decent ISP, please send the official communique in writing," and then tell them where to go.

        Hint when speaking to people of that nature: Shout V loudly.

    4. Dan 55 Silver badge

      Re: Why Is Dido Harding Still in a Job?

      They ring up people and want them to enter their details on any old website? Nice.

      That's if it really was TalkTalk ringing you up. If not then your data's doing the rounds.

    5. TitterYeNot

      Re: Why Is Dido Harding Still in a Job?

      I think you'll find you mean "Why is Dido Harding, <Cough> Baroness Harding of Winscombe <Cough>, still in a job?"

      <Cough> Studied PPE at Oxford with David Cameron.

      <Cough> Married to Conservative government Minister John Penrose.

      Now you might very well think that the above facts could have a strong influence upon whether or not she keeps her job, despite her incompetence. But of course I couldn't possibly comment...

      1. Anonymous Coward
        Anonymous Coward

        Re: Why Is Dido Harding Still in a Job?

        Extremely appropriate, since David Cameron is a PR man (which is why he fronts the Conservative Party) and TalkTalk sounds more like a PR company than anything to do with modern communications.

        Politics, philosophy and economics sounds to me like the only subject at Oxford where you need just 33% to get a First, so long as it's the politics bit.

      2. VulcanV5
        Big Brother

        Re: Why Is Dido Harding Still in a Job?

        Like so many of her ilk, she's still in a job because her name is still on the Christmas card list of the Address Book clique that runs so much of this country. As her Christmas card sharing friend David Cameron once said to his Christmas card sharing friend Rebekkah Brooks: LOL.

        As in: Linger On, Lying.

    6. Anonymous Coward
      Anonymous Coward

      Re: Why Is Dido Harding Still in a Job?

      More women need to be in these top positions to have management that is representative of society.

      Or so we're told.

      1. itzman

        Re: Why Is Dido Harding Still in a Job?

        Well that is a moot point - of course she is very representative of society - venal incompetent and overweight - but are these qualities you want in a CEO?

      2. fullcrowmoon
        FAIL

        Re: Why Is Dido Harding Still in a Job?

        I'm pretty sure misogyny has no place here. Incompetence and failure are not gender-related issues. Dido needs to go, but it's for other, less obnoxious, reasons.

    7. Anonymous Coward
      Anonymous Coward

      Re: Why Is Dido Harding Still in a Job?

      I had a suspicious call here late last week too; dreadful line quality, so couldn't make out what they were saying, in a blatant foreign accent, so warned them off and hung up, because it couldn't be a professional caller...

      Social Engineer me, ha not happening; I've security aware and have ample security training at work!

      I'll query dubious account security checks by any kind of service providers who I call or call me, because I don't want the information to be misused or faulty security to allow miscreants access to my accounts. I have ID protection anyway, because it is only a matter of time before a service provider cocks up.

      1. Richard 12 Silver badge

        Re: Why Is Dido Harding Still in a Job?

        Sounds like you already got "socially engineered", as ID protection isn't even worth the paper it's not written on.

        What do they do to "protect" your ID?

      2. Danny 14 Silver badge

        Re: Why Is Dido Harding Still in a Job?

        I never get calls like this. If i did then id pass to my dog,he loves chatting on the phone depending on what is on TV (bake off makes him go nuts)

    8. Lallabalalla
      Unhappy

      Re: Why Is Dido Harding Still in a Job?

      I think you'll find that *Baroness* Dido Harding, if you please, is a member of the Government's Business Advisory Group, so no doubt we can look forward to a great many more of these scandals in the future.

      https://www.gov.uk/government/news/business-advisory-group

      Her husband John Penrose MP is Lord Commissioner (HM Treasury) (Whip) and also Parliamentary Secretary to the Cabinet Office.

      So I don't think she's going to be coming in for any criticism from anyone who matters - a group that excludes any TalkTalk customers.

  2. Craigie

    Talktalk have never been a real ISP in any way. They are basically a shell, with everything outsourced and offshored. They have negligible support or customer service infrastructure. This has been the case since the very beginning. If you use them for anything, this is who you are giving your money to.

  3. Anthony Hegedus Silver badge

    fuck this makes me angry!

    "No banking details have been taken that you wouldn't already be sharing when you write a cheque or give to someone so they can pay money into your account."

    A few years ago, we rather foolishly left our account details on our website for people to pay us, and we had a dozen or so direct debits set up through our account. Scammers can use these details to order services, sell them to their marks, and then run off with the cash, whilst the mark realises a few days later that the service was never paid for.

    No checks are done when setting up direct debits.

    1. Cuddles Silver badge

      Re: fuck this makes me angry!

      Indeed. Wasn't it Jeremy Clarkson who famously published his bank details in a newspaper, claiming there was no possible security issue with letting everyone know them, and promptly had a reasonably large donation to charity taken from his account? I might be happy handing over the occasional cheque or giving my account details to a friend or customer, but that's a rather smaller pool with a much lower likelihood of fraud than "everyone on the internet". Someone like Clarkson might not be expected to know any better (although presumably he does now), but you'd rather hope that a company with a legal responsibility to protect data properly would take things a little more seriously.

      1. John G Imrie Silver badge

        Re: fuck this makes me angry!

        Yep according to this http://news.bbc.co.uk/1/hi/7174760.stm someone set up a £500 direct debit to Diabetes UK. Though I think it would have been funnier to have sent the money to Greenpeace.

    2. J3D1

      Re: fuck this makes me angry!

      'No checks are done when setting up direct debits'

      Should that be a necessity now as that could well be a chink in the armour.

      1. Graham 32

        Re: fuck this makes me angry!

        @J3D1 Maybe not. Direct Debits allow companies to be reliably paid on time. The alternative is sending bills and waiting for customers to pay up, chasing with follow up demands etc which is less efficient and so more costly.

        If there's the occasional fraudulent DD set up that companies/banks/whoever have to refund it may well be cheaper than having a more secure DD system that fewer people use.

        Someone will be crunching the numbers, and I expect the current DD system will still be the cheapest.

        1. Rimpel

          Re: fuck this makes me angry!

          That doesn't mean it can't be improved tho. All that is needed would be for you to log in to your bank and approve any direct debit that has been set up on your account in order to activate it within the 14 day cooling off period.

          1. Martin an gof Silver badge

            Re: fuck this makes me angry!

            log in to your bank and approve any direct debit

            Yeah, best of luck with that. My mother-in-law doesn't even own a computer, much less know which end of a mouse is which and while she's become quite adept at text messaging in the three or four years she's had a mobile phone, my dad can only just about remember how to operate the digital TV box and leaves "all that stuff" to my mum who at least knows where the power button is on her Mac (no mean feat!).

            My own simple solution to a lot of the problems - if you never sign up for online banking or telephone banking then you know that if you get an email or a phonecall ostensibly from your bank it must be a scam.

            But that does rather rely on having a branch nearby that I can go to when things need sorting. It works for me, but I know that there have been a lot of branch closures over the last 20 or so years and so it won't work for everyone.

            Oh, and when I had my card details nicked a while back it was (almost certainly) in a branch of a well-known retailer (i.e. not online) and although my bank cancelled the card immediately we spotted the problem, neither we nor they spotted for a further few months that a Continuous Card Payment had also been set up for a £7/month subscription and - guess what - even though the old card was cancelled and I was issued with a new one, the CCP was automatically rolled-over to the new card. You'd have thought that a subscription would have an address attached, but I doubt anyone would bother to check...

            M.

          2. teebie

            Re: fuck this makes me angry!

            " log in to your bank and approve any direct debit "

            That potentially opens a lot of attack vectors (*) to shut down one. And requires you to trust your bank's security.

            (*) keyloggers, accessing your bank account via your email, scam mails, banking app etc

          3. davemcwish

            Re: fuck this makes me angry!

            @Rimpel

            If I setup a new recipient via internet banking (I haven't tried DD), I'm required to go through a telephone authorization procedure before it's activated. I can't see that it would be difficult to implement this for DD.

  4. Phil_Evans

    Untrusted Media

    And whilst all this is going on, our friends at Sky and the Beeb mouth the press releases to camera without questioning any of the inconsistencies. For an entire day, the Beeb was putting out the Dodi-DDOS line with 'experts' like Rory Cellan Jones 'explaining' what it means to we, the little people. This is the new 'digital' media as they keep telling us as if they know squat.

    Again (and again and again), big business sailing too close to the wind with razor-thin operations with no talent making a farce of service with our personal and financial information. And not giving a sh...

    1. I. Aproveofitspendingonspecificprojects

      Getting rid of schmucks

      That doesn't sound very British, so I suppose the BBC will be keeping Rory Cellan Jones, foreskin and all.

  5. Kubla Cant Silver badge

    cyber criminals are becoming increasingly sophisticated and attacks against companies that do business online are becoming increasingly frequent

    It was SQL injection, a 10-year-old attack vector, FFS! Any system that isn't written and supported by buffoons should repel it as easily as Dildo shrugging off blame.

    It's as if a car manufacturer sold a new car that can go at 100 mph, which turns out to use the brake technology from a 1908 Model T. They would be liable for the subsequent deaths and injuries.

    1. Camilla Smythe

      "It's as if a car manufacturer sold a new car that can go at 100 mph, which turns out to use the brake technology from a 1908 Model T. They would be liable for the subsequent deaths and injuries."

      "It's as if a broadband supplier sold a package that can go at 50Mb/s and throttled it to 10KB/s. They would be liable for errrrrr mumble mumble mumble."

      As you were.

    2. Anonymous Coward
      Anonymous Coward

      SQL injection? Based on what evidence?

      1. This post has been deleted by its author

    3. Infernoz Bronze badge
      Meh

      There is no excuse for building dynamic SQL directly as bare strings at all, that includes template APIs which don't know about SQL escaping. Developers should use either a mature SQL builder API or a mature persistence API which automatically append SQL escaped values or uses parametrised SQL. All code should be routinely security audited and upgraded, that also includes early rejection of bad parameter values which could cause denial of service, database data-type specific exploits or value reflection exploits.

      All software architects, designers and developers should be security aware, because vulnerabilities can be quite subtle and much harder to fix later; this gets even more complex on distributed systems like cloud systems.

  6. Anonymous Coward
    Anonymous Coward

    Let's try to weather the storm

    they said. And the gamble's paid off.

    1. Anonymous Coward
      Anonymous Coward

      Re: Let's try to weather the storm

      And the gamble's paid off.

      Only so far. According to one of the Reg hosted whitepapers on data breaches, the average cost of a data breach (investigation, resolution, restitution, trust winback campaigns, lost business) is over £100 per record. If that plays out true to form for TalkTalk, then this is a £100m+ hit. I have a suspicion that because of the high churn rate in telecoms reselling, and the vast publicity this has had that the costs to TalkTalk could easily be a lot higher. They've just had to pull all their marketing campaigns, and those are probably contractually committed costs, so they won't be seeing their money back, and that will affect customer acquisition rates. The sales teams are (hopefully!) sitting on their arses waiting for a phone to ring (and hopefully, again) when it does ring, its a wrong number or a scammer asking if they've been missold PPI.

      I was subject to data breach by the incompetent fuckers at a Dixons Carphone subsidiary a few months back. Funny isn't it that the chairman of both Dickhead Carphone plc and of TalkTalk plc is Charles Dunstone? Could it be that he fosters a "think of the money" culture that puts short term profits ahead of customers every time?

      I'd like to nominate Dunstone for a board position with Thomas Cook - they appear to have the same values.

      1. davemcwish

        Re: Let's try to weather the storm

        @Ledswinger

        "I have a suspicion that because of the high churn rate in telecoms reselling, give

        it 6 - 12 months for people to forget and people will sign up" <- fixed it for you

        ElReg commentards will remember but there's a lot of people that don't follow this and will just go for a cheap deal at any given time.

  7. Anonymous Coward
    Anonymous Coward

    Direct debit

    got a DD due to go out on Thursday, wonder if theyll have to cheek to try it? Bank already been told to decline all DDs from Talk Talk, and Talk Talk call centre been told I'll be leaving it like that until an satisfactory explanation given .....

    1. John G Imrie Silver badge

      Re: Direct debit

      I'd make sure that you have a copy of that bank instruction in writing. Then I'd still check my account the next day.

      1. Anonymous Coward
        Anonymous Coward

        Re: Direct debit

        i do, and i did.

        Talk Talk, however, have said they'll charge me £10 for any rejected direct debit ...

  8. Anonymous Coward
    Anonymous Coward

    All of the card protection and data protection stuff is a complete waste of time. Good luck convincing the board to fork out on doing anything properly ever again in the security world.

    Also all the talk about credit cards, I'm pretty sure that with all the personal data that's gone missing people can steal your identity.

    1. Infernoz Bronze badge
      Meh

      PCI and the Data Protection people should have mandatory fines and even loss of merchant status, so that there is no choice; PCI should forbid personal detail leaks too because the card issuers rely on personal details for customer anti-fraud enquiry authentication. Yes, ID theft is possible, as is Social Engineering, especially when joined up with other data sources.

      Point of Sale (shop till) software seems to be migrating to using security hardened, external services and devices to handle credit cards and user information for robust security, less need for PCI-* certification, and for flexibility; there is no reason that web software can't do the same. If any user data could be captured, it should be orders of magnitude smaller quantity of transactions.

  9. Anonymous Coward
    Anonymous Coward

    The effects of this could reach further than you'd think.

    In York a company called City Fibre are currently installing the first widespread FTTH infrastructure ( 1GB, both directions) in the UK, primarily to evaluate the commercial viability of such schemes. Now, can you guess which ISP they've signed up with to sell this to the homeowners, many of who will already have access to Virgin FTTC cable ?

    1. Mr Flibble
      Boffin

      Wouldn't that make City Fibre a TalkTalk wholesale reseller? In that case, the consumers would have contracts with them rather than TalkTalk, so TalkTalk won't have most of the information. I'm also assuming that CF have rather better than the TT level of data security…

      (Also, doesn't stealing data imply removal of said data from its original location? If the data remains there, it's not stolen, merely illegally duplicated…)

      1. Alan Brown Silver badge

        "Wouldn't that make City Fibre a TalkTalk wholesale reseller?"

        Yup. And there are a lot of smaller ISPs who are in the same boat. Mine is one of them.

        My DSL box has been hit so hard with external attacks over the last few weeks that it's been periodically rebooting when it runs out of ram to keep the logs in.

  10. adam payne Silver badge

    Isn't it about time TalkTalk just held their hands up and accepted they were stupid, apologise properly and give a detailed explanation of what went wrong.

    1. Anonymous Coward
      Anonymous Coward

      Isn't it about time TalkTalk just held their hands up and accepted they were stupid, apologise properly and give a detailed explanation of what went wrong.

      Ladies & Gentlemen, I offer you incontrovertible proof that aliens both exist, and live amongst us here on planet Earth. The look like us, they sound like us, but they are still struggling to understand how and why things work as they do.

      1. adam payne Silver badge

        I perfectly understand how things work but that doesn't mean they should work that way.

  11. allthecoolshortnamesweretaken
  12. Jason Bloomberg Silver badge
    Devil

    Dido Harding the Hero

    From TalkTalk's perspective she's done a fine job no matter what people here think of her. The 'hack' has all but disappeared from media coverage, no one is really any wiser as to what happened, why or even what was 'stolen', let alone who did it. Harding sailed the ship through the storm and the share price is recovering. And, if some people guessed that it would happen that way, they likely made a tidy profit in the process. In a month's time most people will have forgotten it even happened and it will be business as usual.

    You can down vote me - but that's just shooting the messenger.

    1. I. Aproveofitspendingonspecificprojects

      Re: Dido Harding the Hero

      They think its all over.

      It isn't yet!

    2. Anonymous Coward
      Anonymous Coward

      Re: Dido Harding the Hero

      Hero? I guess it depends on how many customers have to jump ship before she walks the plank.

  13. BlissIRL

    PCI-DSS has no meaning to them her or the people empowered to protect the data. Good news everyone the new Infosec laws on the horizon will see companies like this held accountable and if found guilty of not securing the environment to the standards set out by the guidlines , its massive fines and business going under for them.

  14. Commswonk Silver badge

    Telephone call for Mr King...

    Or more likely not. Given the less than flattering report that Justin King dropped on Thomas Cook what is really needed is an equivalent report being presented to TalkTalk. Personally I would like to see Justin King do it but somehow I don't see it happening; the only people who think TalkTalk has done / is doing a good job would appear to be their own hierarchy.

    On the plus side BBC Radio 4's You and Yours is keeping the wider topic of on - line security on the boil so the entire subject ought to remain fairly high in the public conciousness. Even allowing for some peoples' "mishaps" to be at least partially their own fault a great number of the problems discussed on today's programme could never have arisen if those who hold personal data had done a proper job of protecting it.

    I am not a TT customer, but I am not complacent about the risks associated with living a part of my life on - line. Not sure that Mrs Commswonk is quite so watchful, and she is the one who spends more on line than I do. (Money, not time, where I am conspicuously ahead)

    I just find it deeply disappointing that so little seems to be being done to make sure that TT and others who take inadequate care of our data are properly rewarded for their lack of investment in both the time and the money to keep our data safe.

  15. Pascal Monett Silver badge

    So the Board is happy with how the situation has been handled

    Well, we'll see if the board is still happy after the customers leave in droves.

    If customers are unhappy enough - and have an alternative available - to do so.

    If that is not possible, there just might be enough people to mount a class-action lawsuit - although I don't know the status of that kind of legal action in the UK. If it is possible though, then it will hurt the board directly.

    But reality commands that this is just a minor issue that will be forgotten after XMas holidays. I doubt very much that any number of people will be leaving because of this.

    1. Alan Brown Silver badge

      Re: So the Board is happy with how the situation has been handled

      "Well, we'll see if the board is still happy after the customers leave in droves."

      They do anyway, the problem is that up to now they've been easy to replace.

      Class-action litigation has just become doable in the UK and there have been a few actions already.

      The _real_ pain for the board and TT will be fending off thousands of individual actions when people discover their details have been stolen and used. There's a right of private action in the DPA as well as the (laughable) fines imposed by the ICO - and a recent court of appeal decision upheld the right to claim for distress in addition to any monetary losses.

      TT may try to disclaim any extra costs (such as having to change banking details etc), but they're on the hook for them and they must be cacking themselves.

  16. Commswonk Silver badge

    What about Bae Systems?

    IIRC TT called in Bae Systems to crawl over their IT security; can anyone recall when that was? Obviously Bae may not have been able to turn up before the 'phone was back on its rest, but how long would it be likely to take to come up with a reasonably comprehensive report? (I am not an IT person so I do not have any idea myself)

    What I think we can be certain about is that in the event of Bae giving TT a clean bill of health (in the sense that it had found that TT had done as much as was realistically possible to prevent a security breach) then TT would have been trumpeting the fact long and hard. OTOH if Bae found that TT's IT security was woefully inadequate I think we would be subjected to a loud and eloquent silence on the subject.

    TT are / will be under no specific obligation to publish Bae Systems' findings, but in the event of a favourable report I cannot imagine them (TT) just sitting on it. Of course the ICO and relevant Parliamentary Committee might well be able to insist on at least seeing a copy, and while they might not be able to insist on publication they are well placed to make sure that the contents are - one way or another - put into the public domain.

    I await further and better particulars with growing interest...

    1. Alan Brown Silver badge

      Re: What about Bae Systems?

      "TT are / will be under no specific obligation to publish Bae Systems' findings"

      All it takes is demanding that report as part of discovery in a legal case.

      1. Commswonk Silver badge

        Re: What about Bae Systems?

        "All it takes is demanding that report as part of discovery in a legal case."

        Well yes... and no. Release might well be required as part of the Advanced Disclosure process, but such release is to the Court not to the Press. I suspect that any claimant's lawyer who immediately sent a copy to the papers (or even El Reg) would find him(her)self dropped on from a very great height.

        Of course reporting anything said in open court is another matter entirely, but any such action is likely to months or even years in the future.

        That said I live in hope that Harding, D. gets her just desserts at some point; it is worth remembering that eventually Fred Goodwin got his (well. sort of) even if it took rather long. Others bankers are still waiting for theirs.

        Disclaimer: IANAL!

  17. This post has been deleted by its author

  18. Baskitcaise

    They are still touting...

    I had one of their envelopes drop on the floor this very morning, now I presume they are sent out from some agency probably organised before all of this debacle but it got short shrift anyway because TT shafted me about 5 years ago. (long story, but at the time I had a feeling that they were having money problems then)

  19. A Ghost
    FAIL

    Talk Talk should change their name to NASA

    Never

    A

    Straight

    Answer

    1. Alan Brown Silver badge

      Re: Talk Talk should change their name to NASA

      I'm wondering when they'll try the Chewbacca defence.

      (And I've called them Bork Bork for years.... The statements are generally about as intelligible and the chef is more understandable than the helpdesk)

  20. Lallabalalla

    There will be no official comeback from any of this

    I think you'll find that *Baroness* Dido Harding, if you please, is a member of the Government's Business Advisory Group, so no doubt we can look forward to a great many more of these scandals in the future.

    https://www.gov.uk/government/news/business-advisory-group

    Her husband John Penrose MP is Lord Commissioner (HM Treasury) (Whip) and also Parliamentary Secretary to the Cabinet Office.

    So I don't think she's going to be coming in for any criticism from anyone who matters - a group that excludes any TalkTalk customers.

  21. Anonymous Coward
    Anonymous Coward

    New DDOI attack

    Poor Dido. She hasn't yet realized she's inflicted a Distributed Denial of Information attack on us all.

  22. hogarthr

    Talk Talk have not yet contacted me in any way!

    I recently left TalkTalk due to their abysmal customer service, but as a recent customer they still have my personal data stored (and potentially compromised). TalkTalk have not contacted me in any way (as an ex-customer) to inform me of the situation in regard to my personal data. Have any customers been contacted? Just an informational email would be nice.

  23. Joe Harrison

    I am not joining in the hating until I have all the facts

    Nobody knows what actually happened, apart from speculation that they might have got SQL-injected. What if they were actually running a tight ship but got clobbered by a 0-day could you still call them idiots?

    As an aside, the only time I ever had a problem with a Talk Talk connection I bypassed their official customer support entirely and went straight to their user forums. Some excellent people on there who helped me wireshark my way to success.

  24. Anonymous Coward
    Anonymous Coward

    Politicians letting Dido off lightly?

    Lack of calls to resign.

    Dido's dad is a major Conservative party donor

    http://www.independent.co.uk/news/uk/politics/how-hedge-fund-super-rich-donated-19m-to-tory-party-10024548.html

    1. Lallabalalla

      Re: Politicians letting Dido off lightly?

      BARONESS Dido Harding is a business adviser to David Hameron. She'll probably get a tax haven as a reward.

  25. John Nuttall

    I was contacted by someone passing themselves off as Talk Talk, complete with call centre noises in the background. They had my name and telephone number and were ringing from an 'unavailable' CLI. I have withheld call blocking so I assumed that it really was Talk Talk. They said that there were some technical problems with my line/router and, as there had been some issues, again I believed them. They got me to download what eventually turned out to be spyware. At one point I asked them for proof that they were actually Talk Talk and they produced my account number. They then started trying to obtain bank details at which point I terminated the call. I contacted the real Talk Talk who confirmed that it hadn't been them but would not take responsibility for any consequences. I got my local PC shop to remove my data, wipe my machine and reinstall data and OS at a total cost of £70. I then asked Talk Talk via e-mail chat how they intended to reimburse me. Their 'advisor' seemed completely unable to grasp what I was telling him and kept saying that they wouldn't compensate me as it hadn't been Talk Talk that rang me. I then rang Talk Talk customer services and was put straight through to a supervisor who immediately admitted their failure and compensated me by reducing my next twelve months bill by around £200. As I believe that everyone makes mistakes, even me, I accepted that and am staying with Talk Talk

  26. This post has been deleted by a moderator

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019