UK ISP TalkTalk Admits to Security Breach of Home Engineer Data - ISPreview UK
Oh no, not again. TalkTalk has found itself in yet more hot water over their security after the ISP admitted that private information being held by its own “BrightSparks” engineers (NOT Openreach) had been compromised and strategically abused to defraud several subscribers.

At this point we’ve started to lose track of the ISPs security fails, but sadly here’s another one to add to last year’s huge cyber-attack (here) and of course the recent abuse by Wipro’s call centre staff in India (here) that may or may not be related to today’s news.

The latest situation began last November after criminals attempted to steal money from several of the ISP’s customers, often only a day after they had been visited by one of TalkTalk’s broadband engineers. During the visit the engineer told the customers to expect a follow-up call the next day, which occurred as planned, but the BBC’s Radio 4 Money Box programme notes that all was not what it seems.

Apparently the follow-up call, which confirmed accurate details of the earlier visit (i.e. the caller clearly had access to the subscriber’s information), then proceeded to trick TalkTalk’s customers into allowing them to take control of their computers by installing Malware for the purpose of carrying out fraudulent activity.

As if the situation couldn’t get any worse the ISP initially refused to acknowledge that the call had even taken place, although this was perhaps a result of the fraudsters working to cover their tracks or possibly not even using the official call centre. In a brief statement the ISP said it was “sorry” for the problems and confirmed that they had also notified the Information Commissioners Office (ICO).

Crucially it’s unclear if the recent Wipro arrests are related to today’s news and TalkTalk will not comment until the investigation has concluded. Unfortunately this isn’t the end of the story because another customer told the same radio show that they too had suffered a similar indecent, which occurred only last week. TalkTalk claims not to have received any further complaints about this issue since last year, so hopefully the one who called into Money Box is promptly moving to update them.
Comment: TalkTalk lost just over 100,000 customers after the data breech last year. How many will leave now?