An attack on the firm’s website has meant that credit card and bank account details, as well as date of births, addresses and customer names, may have been stolen.
CEO Dido Harding said she couldn’t confirm whether the data had been encrypted and that it was likely that details of TalkTalk’s customers had been compromised.
“The awful truth is, I don’t know if the data was encrypted,” Harding said. “I would love to be able to give customers that complete and unequivocal assurance, but it would be wrong of me to do so when the amount of data that these criminals have had access to is very large. I don’t want to give a false impression of confidence where I don’t have it.”
Harding also confirmed she had received a ransom demand “looking for money” from a group claiming responsibility for the attack.
Read more on recent cyber attacks:
- Ashley Madison attack could be hugely lucrative, but that’s not the only thing to fear
- SWAT team turns up at house of Mumsnet founder Justine Roberts due to cyber attack
She did not say whether payment had been demanded, but noted that the issue was now a live criminal investigation. Harding said she had personally received contact from someone purporting to be the hacker.
Harding has taken the decision that “going public” is the best route.
“If you’re a cyber criminal, the days of stealing data and then selling it for cash in the dark web ? they’re not so profitable as they used to be,” she said in a BBC interview. “And I do think that you see more cyber criminals wanting to effectively make money by extorting the companies that hold that data, and there’ve been a number of incidents just this week.”
Harding, the BBC reporter claimed, used the interview to apologise to customers.
“I’m sorry, is the first thing I need to say,” Harding said. “It is a challenge for every single business. This is a criminal attack, this is a very serious issue and cyber crime is on the rise. I would love to say this is just a TalkTalk issue but it isn’t.”