How well is TalkTalk handling the most recent cyber-attack on their website?
From a customer experience perspective, what lessons can we take from how they’re handling the situation?
What can you do to ensure the security of your own data?
Here’s my take.
The story so far
TalkTalk is one of the UK’s biggest quad-play telecoms operators. This recent cyber-attack is reportedly the third in under a year. With a customer base of around 4m this could turn into a costly affair.
Back in February 2015, the company confirmed hackers had stolen personal user information. That information was used to target customers with scam phone calls.
In early reports about the most recent attack, the CEO of TalkTalk, Dido Harding, claimed she had received a ransom demand relating to the breach.
Then news broke that a 15-year-old teenager had been arrested in Dublin. He has reportedly since been bailed. Read more here.
The sceptic in me wonders whether that is a convenient cover. Only time will tell whether the teenager was indeed responsible for this attack. Could it be he just (stupidly) sent the ransom demand?
Closer to home
Although not a customer of TalkTalk, I do remember earlier this year my own Dad being caught up in one of these telephone scams.
Somebody pretending to be from Microsoft called him up and within a short space of time had taken control of his computer. They were about to scam money from him when he realised what was happening. Luckily, he put the phone down and shut his laptop.
I was reminded of this whilst listening to a pensioner speaking about the TalkTalk situation. The gentleman interviewed on TV said he realised something was wrong just at the point the scammer was about to clear out his bank account.
Luckily he too realised he needed to put the phone down and disconnect from the Internet. Unfortunately, there will be more stories like this to come, whether they are directly related to this recent news story or not.
How do these attacks affect the company?
With my customer experience hat on, I have to say a situation like this is difficult to handle ‘correctly’. There are so many interested parties, each with differing needs and expectations:
- the customers, who may or may not have had their information leaked or compromised, feel insecure, vulnerable, scared and angry
- the employees left to deal with the fallout from upset customers and senior executives alike will be in shock and worried about their future
- shareholders whose money is invested in the firm weigh up whether to sell up or call for heads to roll.
- The company’s share price has dropped by over 21% on this time last month. It appears now to be steadying, in part as a result of the way TalkTalk has handled the situation.
- Apart from the likely need to answer MPs’ questions, it is possible the Culture minister Ed Vaizey may mandate encryption of customer data. That will have repercussions and cost implications far beyond TalkTalk.
It is understandable that many TalkTalk customers want to ‘get out’. Some will be angry to learn TalkTalk will only let them leave their contract if they actually lose money from their bank accounts as a direct result of the hack. The number affected in that way is likely to remain very low.
That said, some in the legal profession now feel “That TalkTalk had already been susceptible to two hacking attacks before this third one, [which is] proof enough, that they have not taken enough steps to protect their customers’ personal data.”
You can read more on that in this article.
My view on how TalkTalk has handled the situation
It worries me the firm appears not to have put adequate protections in place following previous attacks. In this technology era that is inexcusable.
I think Dido Harding has done a pretty competent job in front of the media under intense pressure. I respect her for stepping up to the plate to provide televised or online video updates.
The company reacted quickly and put out clear communications on a regular basis via its website.
However, Dido Harding’s position at the top of TalkTalk is now under intense scrutiny. I am surprised by how few people are calling for her to go.
She must be held accountable for the apparent ‘repeated’ failures in data security at the firm.
I think the stance the firm has taken with regard to letting customers leave their contracts only if money has been stolen as a direct result of information is perhaps harsh, but it is to be expected.
No firm can afford a mass exodus of customers.
Having worked for Virgin Media for seven years, I know how challenging it can be to overcome serious brand-affecting issues. Fixing the underlying issues does take time.
Business owners, remember, it takes months or even years to build trust in your brand, but that can all be shattered in minutes. TalkTalk will feel the repercussions of this incident for a long time to come.
New customers will go elsewhere, unless TalkTalk wins them over with heavy discounts and marketing offers. Existing customers will churn – either now or when their contracts fall due for renewal.
TalkTalk’s competitors will be all over this. They would do well to check their own cyber-security measures are fit for purpose first.
A lesson for us all. Be more vigilant.
We as consumers actually do need to take responsibility for our personal information. We must get smarter about avoiding and cutting off hoax calls. They are an annoying fact of life.
In this case, it looks like bank sort code and account details may have been stolen, but that information alone is insufficient for someone to defraud you. They need other information from you first. Be vigilant.
It is our collective responsibility to use common sense when answering the telephone. We must think twice before giving out any kind of sensitive personal information.
Heed the information provided by TalkTalk themselves. Most firms adopt the same principles. TalkTalk state they: “never:
- Ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems.
- Call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk, discussed and agreed a call back for this to take place.
- Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security.”
I expect when the dust settles, the usual customer apathy will kick in. Whilst many are threatening to leave now, when they realise that is not easy, they will resign themselves to seeing out their contract.
Customer experience and brand loyalty are tightly linked with ‘trust in the brand’. TalkTalk’s brand will suffer and it will take time to recover.
Further information can be found here: http://help2.talktalk.co.uk/oct22incident