Last week was quite a tough one for TalkTalk in the UK. It seems high-profile hacking is getting commonplace and not many sign of improvement. However, more than dwelling on the staggering fact that 4 million records were stolen, what is becoming more appalling is the management of the incident and the lack of transparency. TalkTalk have so far failed to explain where the records were stored and how exactly they were accessed. They claimed the Distributed Denial of Service (DDOS) was the attack vector, however, that alone wouldn’t result in the lost of the records.
This might be another wake up call for all industries to have data breach management in place. Once the damage is done, handling the ramifications and reputation of the company becomes equally important.
A detailed timeline of the TalkTalk hack is in The Register today.