TalkTalk data hack: Is the data held by your internet or telephone provider likely to be stolen?
Following the high-profile hacking of the TalkTalk website and the potential loss of data belonging to four million customers, CEO Dido Harding has taken a combative stance in spite of the disastrous leak, even claiming the internet provider's cyber defences were superior to those of her competitors.
Harding's assertions raise the question: if TalkTalk can be hacked and its customers' details laid bare, can other providers such as BT, Sky and Virgin Media also be hacked and their consumers exposed?
Information security consultant Paul Moore, who exposed the vulnerability of TalkTalk's security provision a year ago, told IBTimes UK: "Many other companies were vulnerable to these attacks," but explained internet providers were "tight lipped" about their security arrangements.
Moore said more worrying than the breach itself had been TalkTalk's response to it. "They are unwilling to do anything about it," he said, adding the company's claims it had better security arrangements than its rivals were ludicrous.
Joe Sturonas, chief technology officer of PKWARE, told IBTimes UK that standards had to be improved when it came to internet security. He said compliance was all well and good but the number of hackings in the past 18 months showed standards needed to be higher to protect consumers. "The reality is the compliance really isn't security. We can be compliant and not be secure," he said. "Compliance is good but I don't think it's enough."
Sturonas said one of the areas where improvements had been made was within the encryption of data, rather than just the networks that held it, but that this needed to be expanded.
"I do believe that many companies have only focused on encrypting devices and networks, but have largely avoided encrypting the data itself, mostly because they believe encrypting the data is hard to achieve," he said.
"What has been demonstrated time after time is that getting past the devices and networks protection is possible. Unless the data itself has been encrypted, breaches will continue to happen."
Sky declined to comment on whether it would be making any security changes in the wake of the TalkTalk scandal. "We don't routinely discuss details of our security procedures," a spokesman told IBTimes UK.
BT said in a statement to IBTimes UK that it was "fully compliant with the PCI-DSS standard". It added: "This is a worldwide standard set up to help businesses process card payments securely and reduce card fraud. The way it does this is through tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle.
"BT takes great pains to ensure we protect and secure our customer data, but will not reveal our security defences publicly. We regularly review the management of such data to ensure that it is suitably protected."
A Virgin Media spokeswoman said: "Ensuring customer data is secure is of utmost importance to Virgin Media. Virgin Media has a wide range of security measures in place including encryption."