Authorities have nabbed three employees of an Indian call center following an investigation into a spate of phone scams targeting TalkTalk customers.
On Wednesday, the UK broadband ISP released a statement regarding the arrests:
"We have been working with Wipro, (a call centre provider to TalkTalk and a number of other major businesses) and the local Police in Kolkata. Acting on information supplied by TalkTalk, the local Police have arrested three individuals who have breached our policies and the terms of our contract with Wipro. We are also reviewing our relationship with Wipro."
Jamie Rigg of Engadget notes that the information to which the workers had access was "extremely limited."
Nevertheless, authorities have reason to believe that the employees passed the data on to scammers.
It is important to emphasize that these types of low-level attacks pale in comparison to last October's hack, an incident which compromised a total of 157,000 TalkTalk customers' personal information and approximately 15,600 bank account numbers.
Nevertheless, as TalkTalk has stated itself, the breach did motivate it to launch a forensic review of its security, including that of its suppliers, to make sure that all of its protocols are being followed:
"We are determined to identify and deal effectively with these issues and we will continue to devote significant resource to keeping our customers’ data safe. Data theft and scams are a growing issue affecting all businesses and they are notoriously difficult to investigate and prosecute. We are pleased that our investigations have yielded results, and will continue to do everything we can to tackle these crimes."
No doubt TalkTalk chose to address these arrests in an effort to highlight its ongoing security investigation. A wise move, especially considering reports that customers had been complaining about phone scams well before the October hack, not to mention the fact that the ISP had failed to do anything in response because of a reported lack of resources.
— Simon PG Edwards (@spgedwards) October 23, 2015
When a company experiences a breach as large as the one TalkTalk suffered back in October, it takes a while before it can even hope to reclaim its customers' trust. This development suggests that the ISP might be on the road to such a recovery. Let us hope the company continues to maintain a proactive stance on security going forward.
In the meantime, according to Ars Technica, TalkTalk is scheduled to soon release its first quarterly earnings since the attack, figures which will no doubt reveal just how many subscribers chose to drop the ISP following the breach. Stay tuned!