Tag Archives | TalkTalk

Cluley 250 thumb

Scam victim sues TalkTalk

The Mirror reports on Michael Robinson, who is taking British broadband provider TalkTalk to court after they were hacked and he suffered at the hands of scammers:

Mr Robinson, of Whitburn, near Edinburgh, who is claiming “substantial” compensation said: “We have suffered mentally.”

He says the crooks also got hold of his wife’s details and photos of his children.

His bank refunded £257 after a conman called, saying he was from TalkTalk.

TalkTalk said: “Scammers only had minimal, inconsequential information.”

Minimal? Inconsequential? Hmm. Personally, I think minimal information would have been zero.

The scammers exploited information about TalkTalk customers (including names, dates of birth, address, email address, phone numbers, full bank account numbers and sort codes) seemingly stolen through an elementary SQL injection attack on the TalkTalk website.

In the hands of a criminal such information can easily be used in a scam telephone call to trick the unwary into believing they are talking to a member of TalkTalk staff.

TalkTalk, however, only offered to waive affected customers’ termination fees if victims could show that they had lost money as a direct result of the information above being stolen, not as a consequence of a subsequent scam phone call using the sensitive data.

TalkTalk would be wise to consider that trust takes years to build, seconds to lose, and a lifetime to regain (if you’re lucky).

Every one of those scammed customers will never use TalkTalk again, will tell all of their friends and family never to use TalkTalk, and some may even - like Michael Robinson - be tempted to seek financial redress through the courts.