TalkTalk confesses: Scammers have data about our engineers' visits to your home

A number of TalkTalk customers have had their maintenance visits data breached by fraudsters in an attempt to gain remote access of their computers, it has emerged. One customer, Chris, told The Register that a week after the cyber attack was reported he experienced some issues with his broadband, so TalkTalk sent an engineer …

  1. Phil O'Sophical Silver badge
    WTF?

    considering cutting ties with its Indian call centre provider after three employees at the site were arrested for allegedly scamming customers.

    Considering "cutting ties" ??? Wouldn't cancelling the contract right away and launching criminal proceedings against the company be more appropriate?

    1. Commswonk Silver badge

      Yes but...

      Cancelling the contract right away would necessitate having another call centre able to take over the work (if there is any left!) immediately, and that looks a bit optimistic.

      Launching criminal proceedings wouldn't be straightforward either, as it would require proof that a criminal act had been committed by the call centre company or one of its employees, and for all I know misappropriating and misusing personal data of UK citizens might not be an offence in India. At the same time TT might find itself being sued for early termination of the contract.

      TT's position is now almost beyond parody, and much as I would like to see proper punitive action being taken against it I suspect that I am going to have a long wait.

      Regrettably, even if I am not a TT customer victim.

      1. Inventor of the Marmite Laser Silver badge

        Re: Yes but...

        In TalkTalk's case, not having a call centre at all may improve the service enormously.

        Integrity? I doubt Dido has even heard of it.

      2. leexgx

        Re: Yes but...

        "misusing personal data of UK citizens might not be an offence in India."

        Yes, but it is still an offence in the UK that TalkTalk have committed as a company

    2. MyffyW Silver badge

      Another point would be: Is moving from one crappy outsourcer to another really going to make things better?

    3. Anonymous Coward

      It's a pity so many UK businesses find the statutory minimum wage paid to call centre workers in UK too heavy a burden to bear.

      It wouldn't be so bad if they spent some of the savings making sure the offshore providers were operating the strictest security policies.

      I try not to do business with any supplier who outsources their call centre overseas. If I ever receive a phone call from someone with an Indian accent I immediately put the phone down, that's after years of experience that 99% of those calls were scams or at least unwanted telesales. My apologies to the 1% that may be legitimate.

      I'm surprised the Indian Government doesn't realise that being synonymous with scams (I'm thinking of the dozens of email scams I get from there too) risks long-term damage to a sector of their economy and needs intervention. But then I look back home at the UK's near useless ICO. Ho Hum.

      1. Chris Parsons

        If only more people were like you, A/C. Outsourcing/globalisation is the work of the devil and just one more battle won by Big Business v The Rest of Us. The only way we can win is by not dealing with people who are immoral shits. Difficult? Very, and not always possible, but any small win is worth having.

  2. Anonymous Coward

    Dido Harding

    The Lady of the Manor must quit now. We know she is pally with David Cameroon and loved by the establishment, but it's getting ridiculous.

    How can one be certain that only "a few" customers are affected?

    Even the figure touted during the last hack of about 159,000 customer accounts being hacked is suspect. Who verified them? Who audited the truth behind those figures? Are we supposed to believe whatever they say anymore?

    5 months after the hack, even the Tal2go app has not been fixed. FFS.

    And they keep repeating the most annoying of clichés. "We are working hard to restore" our services, for 5 months.

    Dido doesn't know the meaning of encryption, either. Neither can she differentiate between her elbow and backside orifice.

    1. chivo243 Silver badge
      Thumb Down

      Re: Dido Harding

      Like I said previously... She is in with the politicos... She will linger on a bit longer. Then announce she's leaving of her own accord, new challenges yada yada, with a nice severance package, back slaps all around, good on ya eh? She will then get some stewardship or some such nonsense that pays nicely too.

      1. Doctor Syntax Silver badge

        Re: Dido Harding

        "She is in with the politicos"

        And?

      2. LucreLout Silver badge

        Re: Dido Harding

        @Chivo234

        Yeah, there's far too much of that around. Yesterday I noticed that awful Pryce woman on TV plugging her book about life in jail on the beeb. Who cares? You're a criminal, now have some sense of shame and disappear from public life FFS.

    2. Eclectic Man

      Re: Dido Harding

      "The Lady of the Manor must quit now. We know she is pally with David Cameroon"

      Well the Tories do complain that the House of Lords does not represent the way The People voted in the general election, so maybe she'll get a peerage, I'm sure someone thinks she deserves one.

      1. Anonymous Coward

        Re: Dido Harding

        She's already a peer, and has spoken in the House Of Lords.

        Just when you thought it was safe, too...

    3. Doctor Syntax Silver badge

      Re: Dido Harding

      "We know she is pally with David Cameroon and loved by the establishment, but it's getting ridiculous."

      Irrelevant. This is not a matter of public policy unless OIC feel it appropriate to prosecute her personally, even assuming that's with her powers.

      It's a matter for TT's board in the first place and ultimately for the shareholders if they think it necessary to pressure the board. The media have, to their discredit, given her a free ride on this; had they taken a more critical approach the board might have had to act.

      1. Anonymous Coward

        Re: Dido Harding

        It's a matter for TT's board in the first place

        So the chairman Charles Dunstone might hold her to account? Funny that his other chairmanship (Dixons Carphone) had a data breach last year as well. Could it be what is referred to as "shadow of the leader"?

        The media have, to their discredit, given her a free ride on this;

        Well, Charley Dunstone is also a non-exec fat cat at Daily Mail & General Trust. Can't see the tattle mongers of the Fail dishing the dirt on one of their own director's companies, can you?

  3. Andy Non
    FAIL

    Wow!

    Just when I thought TalkTalk couldn't get any worse, they plumb new depths. Soon they'll have to pay people to subscribe to their broadband.

  4. Anonymous Coward

    Dido's lament

    I just wanted to say that.

    1. Commswonk Silver badge

      Re: Dido's lament

      I think you mean Dido's lamentable

      FTFY

      1. Doctor Syntax Silver badge

        Re: Dido's lament

        "I think you mean Dido's lamentable"

        Google what he said.

        1. VinceH Silver badge

          Re: Dido's lament

          I always preferred Ultravox's Lament. :p

          1. Anonymous Coward

            Re: Dido's lament

            Lamentable dildo

    2. MyffyW Silver badge

      Re: Dido's lament

      Her third album was particularly disappointing

    3. Anonymous Coward

      Re: Dido's lament

      "my only regret is that I have but one upvote to give" (etc)

  5. Scaffa

    I imagine she'll be announced as a "Cyber Security Czar" or some such nonsense, with her vast experience in "dealing with" malicious attacks cited as a unique qualification.

  6. Anonymous Coward

    Now it's much more serious ....

    Let's hope it's just scammers that misuse this data, not some predatory creep targeting single females.

    Hopefully the (now very real) risk of this has stirred plod into action?

  7. sysconfig

    Let's see...

    The customer called TalkTalk with regards to issues with his broadband after the breach. Engineer came around, and then again after that, some rogue would-be engineer knew all the details about the visit, including the engineer's name and the customer's account details.

    There are several options here:

    * engineer leaked data to rogue third party

    * call centre shared data with rogue third party

    * rogue third party compromised TalkTalk's network and still had live access to the system used to handle engineer visits after the breach

    Given TalkTalk's track record, the last option almost seems most likely. In good old TalkTalk tradition, I expect the next major breach to make headlines within a month or two...

    1. JohnMurray

      Re: Let's see...

      Where's the problem? TalkCrap mainly use BT engineers. Where they finally (and it is a long time down the repeated-visits-by-bt-engineer-road) send one of their guys around, he/she is largely a bigger waste of time than the BT engineer. It takes them 3 months to diagnose a corroded fitting. Anything more complex must never get sorted. I

  8. Neil Barnes Silver badge

    This does raise a point though...

    We now have dozens of companies - not just ISPs, but retailers of everything from books to insurance to holidays - who need large call centres. Many of which are full of (unfortunately) minimum salary people, either here or overseas, and who are entrusted with our most personal and private information.

    What are the provisions in place to prevent such folk from succumbing to the temptation of a large - or even small - er, consideration to talk about their work? How do the companies isolate what should be isolated from what needs to be shared between staff? How do they prove it?

    I'd love to see an article on the subject (hint, hint).

    1. Doctor Syntax Silver badge

      Re: This does raise a point though...

      It raises another point. If a business deals with end-user customers directly, rather than through retailers isn't contact with those customers part of the core business? Why outsource your core business?

      1. Anonymous Coward

        Re: This does raise a point though...

        Because it is not "your" core business. You just buy it on the cheap, outsource everything, rake in the cash, then if it burns no worries. You already made your quick buck. It's hard work to continue a good business. It's easy to buy an insurance firm, bank, ISP or retail shop and just turn a quick one on the customers before they notice. Run with the cash, rinse and repeat until there are no brand names left cheap enough for you to get away with it.

    2. Mark 85 Silver badge

      Re: This does raise a point though...

      From where I sit, it's a corporate culture problem... trust and respect. If you (the company) trust and respect your employees, they will do the same back. When that changes and it has for a lot of companies (here in the US anyway), do not expect the frontline troops to be loyal and not steal and plunder whatever is available. And by whatever, I see it as everything from pens and paper to customer account details. The worse this culture slides, the worse the pilferage of anything not bolted down becomes. I suspect it's very possible that Talk-Talk is in this category.

      1. Peter2 Silver badge

        Re: This does raise a point though...

        Talk Talk are offering 38Mbps VDSL on their front page for £17.50 p/m, with a free modem, and free telephone calls for another couple of quid a month. With free service for the first year(!)

        It's simply impossible to actually deliver a high quality service, with a well maintained network, decent security covering your customer details, professional support by UK based IT professionals and stashing some money away for future upgrades to the network for that price.

        You want a better service? Then I'd suggest that you need to pay enough for the supplier to be able to do the job properly. Cut price services have to cut something to offer lower prices.

        I have been with the same ISP since they were delivering me a 512Kbps service. It's now an 80Mbps service, and I haven't ever been tempted to change. Yes, they have always been more expensive than the competition. However, they have never ever suffered a data breach, and are unlikely to because they can afford to have a stable, secure network with redundancy, backups and still afford to retain highly trained and experienced staff.

        1. AJ MacLeod

          Re: This does raise a point though...

          "I have been with the same ISP since they were delivering me a 512Kbps service. It's now an 80Mbps service, and I haven't ever been tempted to change."

          Until last week, I had been with the same provider since ADSL became available. Unfortunately however through numerous mergers and acquisitions they became TalkTalk business :( Actually their technical support team seemed pretty good right through, but billing became a headache and the final straw was when I wanted a price to upgrade to VDSL.

          I wasted 20 minutes arguing with a moron over my own name! (Actually it was regarding my business name; although it was a business broadband account clearly at some point their database had got messed up and my own name was in the business name field.) I'd already told him my name clearly three times but he was insistent that I must say "my company name is" followed by my own name in one sentence; having told him my own name multiple times and saying that perhaps they had the account under my own name was somehow not good enough.

          I haven't got the time or patience to deal with that kind of idiocy and have found another smallish ISP who have been excellent to deal with so far; I can speak to the same helpful person time and again if I wish to and they are capable of processing plain English without a computerised script doing it for them.

          Yes, they're more expensive; TTB were very good on price, but getting rid of TTB has been worth every penny.

      2. TheOtherHobbes

        Re: This does raise a point though...

        > If you (the company) trust and respect your employees, they will do the same back.

        Trust and respect? Why would you do that when there's money to be made?

        It's impossible to be cynical enough about these people. All the connections and social polish in the world can't disguise what they really are.

  9. David Gosnell

    Junk mail

    And still they junk-mail us trying to persuade us to sign up, despite them being below even BT on our list of likely providers in the event of hell freezing over.

    1. Anonymous Coward

      Re: Junk mail

      And still they junk-mail us trying to persuade us to sign up

      I like it when TalkTalk send me junk mail. The fully loaded cost of a fully "marketed-up" colour junk mail shot must be about 60p a shot. That's 60p less profit they make, and because they don't know I wouldn't touch them in the lifetime of this universe, they'll keep on trying.

      I do wish they'd include a reply paid envelope though, so that I could send their junk back to them, like I do for credit card mailings.

  10. BongoJoe
    Holmes

    A larger security risk

    The scene. A bloke with a striped shirt, eye mask and a bag marked 'Swag' is poring through the purchased data from his mate down the pub.

    "No, Nobby. We can't do Mr & Mrs Fotheringday over. They're in during the day. But, hang on, what's this? I've found details of a Miss Honeywinkle who has always asked for engineer visits at weekends and evenings. We'll pop around this afternoon..."

  11. Ged T
    Joke

    If only...

    ...there was a regulator of the UK Telephony Market; one that would oversee correct observance and act as the governance of Service Providers and Other Licensed Operators obligations, as per some licensing arrangement...

    1. Dan 55 Silver badge

      Re: If only...

      ... and have the power to overturn leaving penalties if the customer wants to leave and can prove that TalkTalk haven't upheld their side of the contract and/or statutory rights (e.g. in this case there's proof in spades that TalkTalk isn't competent enough to provide a reasonable service).

      1. Anonymous Coward

        Re: If only...

        {checks AC ticked}

        I did want to leave TalkTalk, and as I've said before on here, after half a dozen attempts via call centre and online "chat" (which is like talking to a slightly-less-talkative-than-average brick wall), sent them a letter saying "please explain what happened, as your call centre people won't, or I'll be forced to cancel DD and not pay you until you do." Surprise surprise, they didn't. So I cancelled DD. So they charged me £10, which I didn't pay, saying "told you I would if you didn't answer question, you chose not to answer question, so I cancelled. Your choice, not mine". Long story and several threatening emails from them later, I sent one back saying "answer the questions, or you're agreeing that you must have been in breach and I don't owe anything, otherwise you could explain yourself. Stop sending me emails, telephoning or I'll start billing you for wasting my time." (Funny how their letters require response within 168 hours but they can take three weeks to reply, and then ignore the issue?)

        Anyway - long story, sorry - it's not over: they are still refusing to explain themselves, and have set a debt collector on me. (The collections agent in question telephoned, then emailed, but refused to say who they are working for unless I give them enough of my personal info for someone to take that plus the TT leak and help themselves to a nice holiday. A quick Google of their phone number shows TalkTalk.)

        I've put a complaint in with the Ombudsman, but TT think a debt collector is a more appropriate response. Customer service? They read about it once. A very long time ago.

  12. philthane

    saved by the T&Cs

    Last year, looking for a cheaper ISP, I asked TalkTalk for a contract. It was >5000 words, nearly as bad as a Microsoft EULA, I gave up reading it and refused to sign up. Lucky escape!

  13. peterm3

    I was a TalkTalk customer until December 2015. I think I would be reluctant to go back unless they were much cheaper, they have an attitude problem. UK data protection regulations are so weak, so I'm not sure anyone in Government cares (especially with Dido's position). Dido says her typical customer lives in a tower block so I guess they're likely to be poor and don't matter.

    1. Anonymous Coward

      "Unless much cheaper"

      If it was a penny it would be too much. You could not pay me to join a company like that.

    2. Adam 52 Silver badge

      UK data protection regulations are so weak

      Thankfully our friends in the EU are changing that... two years and one month to go.

  14. clatters
    Flame

    Call Centre is operated by WIPRO

    I understand the Call Centre is operated by WIPRO. I cannot verify this but if it is true, this fraud is of such piffling and minor nature compared to what WIPRO employees COULD achieve. They are back office call centre and system testers for most of our FTSE 100 companies. WORRY!!!!!!

    1. MyffyW Silver badge

      Re: Call Centre is operated by <insert name here>

      The thing we should really worry about is that pretty much all FTSE companies now outsource, usually to the lowest bidder. If it's not Wipro, it'll be TCS, HCL, IBM, Capita, Infosys and so on into ignominy.

      The staff employed are either disillusioned onshore folk or over-managed, under-incentivised offshore folk. And pretty much any one of them could compromise that FTSE company.

      I dare say outsourcing looks good on paper, but having a critical part of your company run by people who have no self-interest in that company is plain daft.

  15. Tony Pomfret
    Mushroom

    Dido - White Flag

    The title says it all really.

  16. Anonymous Coward

    Your mention of White Flag reminded me that I haven't listened to it in a long while, so rather than dig out the CD, I turned to YouTube. Quick Google, click the link and you get the inevitable advert before the video starts. Guess who? "PlusNet!"

    I assume they have bought "Dido" as an adword - if so hats off to them.

    1. Matthew Collier
      WTF?

      There are adverts on YouTube!!???

      I noticed this at a friend's house recently, and he's running Windows with Chrome.

      I didn't realise!!! (how long has this been going on? (I've been running Firefox on Linux with AdBlock and all the other usual suspects for quite a few years now....so...))

  17. Ian Emery Silver badge

    Is there a link?

    I would like to see research into a possible link between people who sign up for TT, those who buy VTech toys, and those who believe anything they are told by the "powers that be".


Biting the hand that feeds IT © 1998–2019