Tuesday, 27 October 2015

The TalkTalk saga

Ongoing for now. From Sophos' Naked Security:

TalkTalk breach: CEO dismisses encryption, 15-year-old arrested

From The Register:

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief

A few things from the first article:
Quote:

Security blogger Brian Krebs, citing sources "close to the investigation," reported that a hacker group had demanded a ransom of £80,000 in bitcoins (about $122,000) in exchange for a stolen cache of customer data.

Krebs also reported that TalkTalk customer data was being offered for sale on a Dark Web forum called AlphaBay, and approximately 500 sales of data worth $75,000 had already been transacted.
Worrying if true.
Quote:

Of course, if Krebs's claims are true, and the data was extracted using what's known as SQL injection - where an outsider tricks a database into serving up unencrypted data - encryption might not have been enough to prevent the breach in this case.
and
Quote:

So far, however, all that we know is that we don't yet know what happened...
Definitely true!

